Laserfiche WebLink
increase efficiency. Our firm uses Active Data mining software that enables us to use data from your II <br /> financial reporting package to perform CAAT's. Some examples of taking an output file format and <br /> converting it into a usable data format for our audit team to perform CAAT's include: <br /> • Trends in number and amounts paid to vendors <br /> • Search for false employees <br /> • Sorting payments to identify items that fall under the threshold of financial control or contract limits <br /> • Analyzing sequence in a population for missing or duplicated items <br /> • Comparison of vendors and employee addresses <br /> CAAT's are also useful in performing a variety of time consuming tests such us: footing files, testing for <br /> incomplete data, and sorting. CAAT's are also used to perform a variety of tests of controls such as: <br /> selecting a sample for inspection or re-performance of procedures, testing access to critical files and <br /> programs, and testing program application controls. <br /> Information Systems Audit Procedures <br /> In the technology age, information security and financial systems security is a big concern for many of our <br /> clients. Areas of potential risk are: <br /> • Data security including access to the data and software <br /> • Processes that automatically import data from an outside source <br /> • Processes that export data to other programs <br /> Under current generally accepted auditing standards, we are required to gain an understanding of internal <br /> controls which include an entity's Information Technology (IT) environment during audit planning, in order <br /> to determine the nature and timing of substantive audit procedures. We assess what level of IT <br /> environment an entity has on a scale from one to three. For example, a level one entity has a non- <br /> complex IT structure with features including the use of commercial off-the-shelf (COTS) accounting <br /> software and a limited number of workstations and online transaction. By comparison, a level three entity <br /> has a complex IT structure with one or more servers, several integrated software applications, thirty or <br /> more workstations and online transactions. <br /> We have partnered with SLPowers, a firm recognized as one of the countries most advanced IT service <br /> providers, to work side by side with our audit team. We believe partnering with an industry expert provides <br /> additional assurance to the City that its IT systems are being checked and evaluated accurately. <br /> SLPowers is at the cutting edge of the rapidly evolving environment of network and database security, <br /> internet security and vulnerability testing. In today's information age, an in-house IT auditor may not have <br /> the most up-to-date experience and training for handling sensitive information and financial database II <br /> security. <br /> We will work alongside our IT Contractor to assess, document, and test as deemed necessary the <br /> following five areas of IT controls: <br /> • Entity Level Control kR <br /> /titre! o, <br /> • Change Management ,Iw� t ^ht <br /> wr. <br /> • Information Security - nc-ia ; Cu. reI° mi. , <br /> rdrPentarn <br /> • Backup and Recoveryanesniert <br /> • Third Party Providers (if applicable) I: � � <br /> 'iamo�s :t 7^ " <br /> 7{.,+}i, - fr P'e <br /> s A'4 <br /> Once we gain a better understanding of the <br /> general controls over IT functions, then we can <br /> take a look at specific areas within the financial , 1:111� . I <br /> reporting process that need to be reviewed in I 1 <br /> nalreine?nlr[ordeals <br /> greater detail. Good controls around thesedronbR.o» <br /> Walu rtac0ol rertlnikA Ww[GAoi rajad — IeM UNds✓A <br /> � ^ .rr� <br /> aspects of IT are important in order to maintain W ,h; , rsbre mineral minds <br /> the integrity of the number. <br /> 18 <br />