Laserfiche WebLink
MSLMOORE STEPHENS <br /> LOVELACE cws & ADVISORS <br /> Information Systems Audit Procedures <br /> As part of our audit, we routinely perform an assessment of our clients' computer-based financial <br /> management systems. To accomplish this, we incorporate a unique two-professional system. A <br /> seasoned auditor and an Information Technology Specialist perform this analysis together. We believe <br /> this approach is unique because the use of two professionals enables us to assess not just how your IT <br /> system functions, but also how those functions directly affect your accounting and reporting systems. <br /> Our goal is to ensure that both are functioning properly. <br /> Examples of computer controls that will be reviewed include the following: <br /> Information Security <br /> The information security function is responsible for the administration and maintenance of a client's <br /> information security program, including both physical and logical security. The primary goal of such a <br /> program is to ensure that access to programs, data, online transactions, and other computing resources <br /> is restricted to authorized users. Our review of general computer controls in the information security <br /> area will include an appropriate consideration of the level of security that is adequate for a particular <br /> processing environment and the availability of access control mechanisms in that environment. <br /> Systems Acquisition, Development, and Maintenance <br /> Systems development personnel are responsible for the selection and/or design, programming, and <br /> maintenance of the application systems to meet the needs of the various users. Our audit procedures <br /> are designed to ensure that application programs are designed, implemented, and maintained according <br /> to management's intentions and in accordance with industry-accepted practices. <br /> Computer Operations <br /> The computer operations department is responsible for the day-to-day processing activities of the <br /> systems, ensuring that jobs are scheduled and processed in accordance with established routines. It is <br /> also responsible for the physical control of data stored on portable media and timely, accurate <br /> distribution of reports to users. Our review will be to test that these control procedures were effective <br /> throughout the year. <br /> Proposed Segmentation of the Engagement <br /> The following section gives an overview of the major audit segments (Planning, Substantive Testing and <br /> Wrap Up), as well as procedures we anticipate will be implemented in these areas. The section is not <br /> 1 intended to provide you with all of the details of our audit steps. It indicates our understanding of the <br /> City, its environment, and the internal controls in place. The overall objective of our audit <br /> segmentation and related procedures is to ensure that our audit opinions are supported by the <br /> procedures performed. Procedures are evaluated throughout the audit process based upon the City's <br /> environment, internal controls, and economic condition. In addition, our audit plan is evaluated <br /> throughout the audit and procedures are performed to address any significant issues identified during <br /> the audit process. <br /> I <br /> ci: : - ' <br /> 241 <br />