Question
1. Think of the multi-user business applications that you use at work (i.e., QuickBooks, Canvas, Peachtree Accounting and the like, *not* Microsoft Office Suite types). These multi-user business applications are often responsible for the creation, aggregation and dissemination of information that your organization uses for decision making, financial reporting and analysis.
How would you go about developing an audit program for this application? Where would you look? What framework would you find most useful, and why?
Explanation / Answer
Audit program details are specific to individual organizations based on their unique needs, but audit plan preparation will consider the audit's relevant regulatory deadlines, staff requirements and reporting structure, and overall goals. In particular, these goals will consider how the company will maintain regulatory compliance via risk assessment and management procedures. The audit program should also include a timeline detailing when specific aspects of the audit program should take place and how they should be prioritized.
Audit program planning is usually a continual and iterative process. During audit planning and development, companies can build on lessons learned from previous audits by implementing newly learned best practices that alleviate risk and maintain compliance. Audit development guidelines and best practices vary by industry, but local and regional auditing certifications are available, as are internationally recognized audit certifications. These certifications include Certified Internal Auditor and Certified Information Systems Auditor, and membership in the International Register of Certificated Auditors.
According to the guide, the audit process consists of three phases: planning, fieldwork and documentation, and reporting and follow-up. The planning phase consists of five distinct steps.
Pre-audit planning includes tasks such as conducting a risk assessment, identifying regulatory compliance requirements and determining the resources that will be needed to perform the audit.
The final planning step—determining audit procedures and steps for data gathering—involves activities such as obtaining departmental policies for review, developing methodology to test and verify controls, and developing test scripts plus criteria to evaluate the test.
Once planning is complete, auditors can move on to the fieldwork and documentation phase (acquiring data, testing controls, issue discovery and validation, documenting results) and the reporting phase (gathering report requirements, drafting the report, issuing the report and follow-up).
"Creating Audit Programs" indicates three important success elements: IS auditors should be familiar with standard frameworks, the operating environment of the entity under review, and the audit process used internally.
• Review the source code to ensure that the defined edits are included and are coded properly to achieve the desired result.
• Review test results performed by the auditor as the system is being developed or modified.
• Input test transactions with invalid numbers into an audit copy of the production software used to perform the check digit verification. The testing should be done in the test environment separate from the production environment.
• Review error reports produced by the application to verify that errors are being detected.
Reasonableness and data validity edits ensure that the data is reasonable for the purpose intended. Some examples of edits include alphanumeric check, range of values check, and so on.
• Review the source code to ensure that the defined edits are included and are coded properly to achieve the desired result.
• Review test results performed by the auditor as the system is being developed or modified.
• Create test transactions to test edits of control significance.
• Review edit reports from the production-processing system to verify that input errors are being detected.
• Independent testing of a copy of the production software using copies of production data files as input to the test. The test should include steps to ensure that added, deleted, and/or modified records are properly detected by the verification routines.
• Simulation of a hash total routine using independent audit software. Copies of production data files should be used as the test input.
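A sketch of the independent hash total simulation described in the last two items, as an added example that is not part of the original answer. The record layout (`D` detail rows, a `T` trailer carrying record count, hash total of account numbers and amount total) and the sample batch are assumptions constructed for illustration.

```python
import csv
import io
from decimal import Decimal

# Constructed sample batch (assumed layout): detail rows "D,account,amount"
# and one trailer "T,count,hash_total,amount_total" written by the application.
BATCH = """\
D,100234,250.00
D,100871,1199.50
D,104410,75.25
T,3,305515,1524.75
"""

LABELS = ("record count", "hash total", "amount total")


def control_totals(details):
    """Recompute the three control totals independently of the application."""
    count = len(details)
    # Hash total: a sum with no business meaning, used only to detect change.
    hash_total = sum(int(acct) for acct, _ in details)
    amount_total = sum((Decimal(amt) for _, amt in details), Decimal("0"))
    return count, hash_total, amount_total


def verify_batch(text):
    """Return the discrepancies between the trailer and the recomputed totals."""
    details, trailer = [], None
    for rec in csv.reader(io.StringIO(text)):
        if not rec:
            continue
        if rec[0] == "D":
            details.append((rec[1], rec[2]))
        elif rec[0] == "T":
            trailer = (int(rec[1]), int(rec[2]), Decimal(rec[3]))
    if trailer is None:
        return ["missing trailer record"]
    findings = []
    for label, expected, actual in zip(LABELS, trailer, control_totals(details)):
        if expected != actual:
            findings.append(f"{label}: trailer={expected} recomputed={actual}")
    return findings


if __name__ == "__main__":
    print(verify_batch(BATCH) or "control totals agree")
```

Run against a copy of the file with a record added, deleted or modified, the function should report at least one discrepancy; an empty list on an altered copy means the control totals alone do not detect that kind of change.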