Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities Volume 1—Core Concepts

General IT Controls

Access to Programs and Application Data
• Issuance/removal and security of user passwords and IDs.
• Internet firewalls and remote-access controls.
• Data encryption and cryptographic keys.
• User accounts and access-privilege controls.
• User profiles that permit or restrict access.

Program Development and Program Changes
• Acquisition and implementation of new applications.
• System development and quality-assurance methodology.
• The maintenance of existing applications, including controls over program changes.

Monitoring of IT Operations
Policies, procedures, inspections, and exception reports ensuring:
• That information users are receiving accurate data for decision-making;
• Ongoing compliance with general IT controls; and
• That IT is serving the entity’s needs and aligned with the business requirements.

IT Application Controls

IT application controls relate to a particular software application used at the business process level. Application controls can be preventive or detective in nature, and are designed to ensure the integrity of the accounting records.

Typical application controls relate to procedures used to initiate, record, process, and report transactions or other financial data. These controls help ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed. Examples include edit checks of input data with correction at the point of data entry, and numerical sequence checks with manual follow-up of exception reports.