Audit Work Program
Project Team (list members):
Project Timing:
Date
Comments
Planning
Fieldwork
Report Issuance (Local)
Report Issuance (Worldwide)
Audit Objectives
The purpose of this audit work program is to assess, at a high level, and validate key controls in place for Information and Communication. Inadequate or ineffective controls in this area may give rise to financial and operational risks.
Risks addressed in this audit work program include:
Management does not monitor relevant external information and does not consider the impact on the entity.
Entity-wide operating results are not reviewed and compared against budgets at regular intervals.
The adequacy of the information technology …show more content…
There are not defined responsibilities for individuals responsible for implementing, documenting, testing, and approving changes to computer programs and systems.
There is not a regular back-up of application programs and data files.
The entity does not have a disaster recovery plan in place that allows for the timely recovery of information. The disaster recovery plan is not tested regularly and is not updated as the business changes.
Employee duties and control responsibilities are not timely and effectively communicated.
Communication across the organization is not adequate, complete and timely to enable people to perform their responsibilities effectively.
There is not an established channel of communication for people to report, anonymously when appropriate, suspected improprieties and management does not encourage employees to utilize such channels when necessary.
Reported problems are not investigated in a timely manner and disciplinary actions are not taken when necessary.
There are not realistic mechanisms in place for employees to provide …show more content…
Obtain documentation related to the new employee orientation, including agendas, presentations, handouts, etc.
2. Verify that employee duties and control responsibilities are communicated.
D. IT Incident Resolution Policy
1. Obtain a copy of the IT Incident Resolution Policy.
2. Through inspection, verify that the policy defines the procedure to be followed to identify and resolve IT problems as well as the roles and responsibilities of the individuals involved.
C. Budgets and Forecasts
1. Generate a random sample of two months from the period selected for testing, (insert date) to (insert date).
2. Obtain copies of the X Report verifying it was completed for the months selected for testing.
3. Inquire with finance personnel to verify that senior and executive management review the monthly X Report.
D. Incident Hotline
1. Obtain the Company ABC Employee Hotline Policy and Procedures.
2. Inspect the policy and procedures and verify a process exists that facilitates the reporting of Code of Ethics, legal, and regulatory violations by employees.
3. Obtain evidence verifying the distribution of the hotline communications including the fliers to be placed at all locations.
E. IT Policies and