SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE
|
|
- Benedict McDaniel
- 8 years ago
- Views:
Transcription
1 SESSION 8 COMPUTER ASSISTED AUDIT TECHNIQUE Learning objective: explain the use of computer assisted audit techniques in the context of an audit discuss and provide relevant examples of the use of test data and audit software for the transaction cycles and balance sheet items discuss the use of computers in relation to the administration of the audit Control in CIS environment: The control in CIS environment is categorised into: General Control Application controls (also known as processing) General controls: These cover the environment within which CIS are developed, operated and maintained. This control is also known as System Development Controls. They are designed to ensure the integrity of hardware, software and data files and the continuity of operation. Systems development controls include: Proper authorisation Adequate testing Complete and quality documents Control implementation Review and monitor after implementation To ensure changes are properly authorised, tested and documented. Authorisation: Any system or application being developed for the users and hence users should authorise and control the development of all system. This is usually achieved by the establishment of a Steering Committee or Project Board comprising senior IT managers, programmer etc. 1
2 The Steering Committee is responsible for: Testing Standard: - Commissioning feasibility study into new project development - Approving the investment in the development of all systems. - Overseeing the progress of the project - Monitoring the success of the project after implementation. All systems and sub-systems must be thoroughly tested before implementation. There are 3 recognised stages in testing: - At the individual program level, techniques should be employed, such as diagnostic routines and test data (containing dummy data which test the effective design and operation of controls built into program) - At the complete systems level, the overall effective operation must be tested to ensure that the output of one program exactly matches the input to next: test data/pack is normally used. - User acceptance testing-no system should be accepted unless thoroughly tested by users for functionality, operation, and user friendliness and after dry runs. Documentation standard: The development of the new system must be fully documented thus providing a full detailed record facilitating subsequent investigation of bugs and modification or upgrade. Implementation of systems Adequate user training Complete and accurate file conversions Choice of an appropriate changeover methods for example: - Parallel running - Direct changeover - Phased/pilot running Review and monitoring after implementation The purpose of continuous review is to ensure the system is performing according to stated objectives 2
3 Performance appraisal and evaluation techniques will be employed in what is called the post implementation audit. Changes, amendments, upgrade: Any modification to a system must be: - Authorised - Tested - Fully documented Further users must be fully trained in the application of the modifications The modification should be monitored and reviewed after implementation. Organisational or administrative controls: The main objectives are to ensure integrity of hardware, software and data files and the continuity of operations. Hardware: To preserve the integrity of hardware, it is necessary to restrict access and use to authorised personnel only. Software and data files: To preserve the integrity of software and data files it is necessary to restrict access and use to authorised personnel only. Personnel In centralised processing systems, since processing is concentrated in onedepartment controls are also concentrated in that department. In decentralised, distributed, networked and PC-based systems, the above segregation of duties is difficult to impose. Therefore alternative control arrangements must be enforced. Standby To ensure continuity of operations in the event of system/program failure or data corruption, the following standby arrangement must be in force: Back-up - Dumps at the program or data file level - At the complete system level, parallel hardware may be on standby, or arrangement to use others hardware, or to use a bureau or service provider. Fire precautions 3
4 Insurance arrangements Application controls: These are controls over the processing of data, and are imposed at the input, processing and output stages of the processing cycle, to ensure: Controls over input: - Data input is authorised and is completely and accurately processing. - The integrity of standing data or master file. Authorisation of data: Conventional procedures may be adopted (eg signatures on input documents) Automated programmed validation checks may be designed: Accuracy of data - Reasonableness tests - Range tests - Limit tests There are 2 types of checks that can be made on input data detecting errors: Verification at the data conversion stages, data is keyed in twice preferably by 2 different operators and the 2 inputs compared. Validation checks performed under program control on input. These include: - Check digit verification: testing that a digit added to a reference number bears the required mathematical relationship to the rest of the number. Such a check will detect transposition and transcription errors. - Existence checks: comparing reference number with pre listed reference number for existence. Controls either conventional or automated include: Batching - Batch numbers - Record counts - Hash totals Sequence checks: - Detecting - Duplication - Omission 4
5 Master files controls: Master files contain: - Out of sequence Records continuously updated by transaction data (e.g. customer accounts, supplier accounts, employee salary records) Reference data (e.g. sales price, employee wage rates) Controls must be designed to ensure the integrity of master files: - Changes must be authorised - Changes must be documented - Password entry must be required - Checks on printout of changes against authorising documents must be performed - Periodic reviews of master file content should be carried out for accuracy, completeness and for being up-to-date. The Audit of Computerised Information Systems There are 2 ways in which the auditor can approach the audit of CIS Auditing around the computer: This approach ignores the detail procedures carried out in individual application. It constitute on reconciling the output with input. An existence of an audit trail and ability to trace transaction through each stage of processing. A direct relationship between input and output The use of a software package, which is properly tested and used on trial. Auditing through the computer: Audit trail is loss, where output is indirectly related to input. Bespoke system are use Large volume of transaction An evaluation of system and controls is necessary The auditor will use. 5
6 Computer Assisted Audit Technique The use of is necessary when: Transaction volumes are high-s will enable large sample and automated programmed validation checks to be tested. There is little or no audit trail and hence it is necessary to audit through the computer To test original records (eg records held on disk) rather than printouts purporting to exact copies of files-thus producing auditor-generated evidence. Decentralised, End-User & Small Computer Systems The consideration of controls and testing technique has no far been mainly concerned with larger centralised systems. The modern type of system-concentrated upon end-user, PC-based computing presents additional problem to both management and auditor. Such systems require no special environment and are sited in an open office in contrast to the central computer department where there is a natural separate physical division between computer operations and user activities. Control problems and potential solutions: Access to computers is more difficult to control There will be a lack of segregation of duties-one person being able to initiate transactions authorise transactions and record transaction (i.e. able to input and process it) First time users may be ignorant of the importance of controls and of application of controls in particular (e.g. reconcilitions, review etc). Standing and reference data may be capable of being altered without proper authorisation. Data conversion standard from old to new systems may result in incomplete and inaccurate conversion and in data loss and corruption. Standby arrangements, including back-up software and data files, may be lax. The ability to write programs to process data using easy-to-learn language could result in unauthorised, untested and badly documented programs, capable also of being amended without necessary authorisation. 6
7 Electronic Data Interchange (EDI) and ECommerce Audit problems: The increasing use of EDI and in particular trading on the Internet by all types of business, creates problems for auditors: Originating documents may not exist-purchase orders and sales orders and respective invoices being placed electronically. There may be a lack of evidence of the operation of controls. Global trading raises problems of enforcement of cross-boarder contract-thus debtor values may be difficult to verify. Data transmissions may be intercepted and the risk of unauthorised accesses increases. Further viruses may be introduced causing data loss and corruption, and systems crashes. The failure of integrated and complex accounting systems may impact on partners in the supply chain, leading to material losses. Audit approach and consideration: Audit attention must be centred upon the following controls over transmissions: Agreements by both parties of the amount transmitted. Formal acknowledgement of transmissions Authentication procedures including the use of codes and encryption Continuous monitoring of transaction through sequence checking. Firewalls should be implemented controlling accesses to authorised businesses only. Virus protection software should be installed and regularly updated. Contingency plans and back-up procedures should be implemented and regularly tested. Appropriate insurance should be arranged It would be desirable to request letter of comfort from auditors of business partners to obtain assurance as to the existence of appropriate controls in their client s businesses. 7
auditing in a computer-based
auditing in a computer-based RELEVANT TO cat paper 8 and ACCA QUALIFICATION PAPERs f8 The accounting systems of many companies, large and small, are computer-based; questions in all ACCA audit papers reflect
More informationSolutions to Student Self Assessment Questions
Solutions to Student Self Assessment Questions Chapter 9 Testing and evaluation of systems Questions Two questions are placed within the text: (9.1) Case study 9.1 Broomfield plc: sales and trade receivables
More informationInformation Technology Audit
IT Audit Monograph Series # 1 Information Technology Audit General Principles Introductory As computer technology has advanced, Government organisations have become increasingly dependent on computerised
More informationPoint to note: computer information system is NOT equal to computer assisted audit techniques
COMPUTER ASSISTED AUDIT TECHNIQUES (CAAT) Point to note: computer information system is NOT equal to computer assisted audit techniques CAAT s are computer programs and data that the auditor uses as part
More informationLearning Objective 1. The Impact of Information Technology on the Audit Process. Describe how IT improves internal control.
Learning Objective 1 The Impact of Information Technology on the Audit Process Describe how IT improves internal control. Chapter 12 12-1 12-2 How Information Technologies Enhance Internal Control Learning
More informationCHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
More informationPART 10 COMPUTER SYSTEMS
PART 10 COMPUTER SYSTEMS 10-1 PART 10 COMPUTER SYSTEMS The following is a general outline of steps to follow when contemplating the purchase of data processing hardware and/or software. The State Board
More informationESKICAS1 Computerised accounting software
Overview This is the ability to select and use a computerised accounting or bookkeeping software application to input and process data for orders and invoices, receipts and payments and prepare management
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationINFORMATION TECHNOLOGY CONTROLS
CHAPTER 14 INFORMATION TECHNOLOGY CONTROLS SCOPE This chapter addresses requirements common to all financial accounting systems and is not limited to the statewide financial accounting system, ENCOMPASS,
More informationAUDITING IN COMPUTER ENVIRONMENT. What is audit in a computer environme nt?
AUDITING IN COMPUTER ENVIRONMENT What is audit in a computer environme nt? Wherever computer based accounting system, large or small are operated by an enterprise, or by a third party on behalf of the
More informationChapter 7 Information System Security and Control
Chapter 7 Information System Security and Control Essay Questions: 1. Hackers and their companion viruses are an increasing problem, especially on the Internet. What can a digital company do to protect
More informationIT Application Controls Questionnaire
IT Application Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks A1.a. MULTIPLE USER PROCESSING INPUT CONTROLS Input controls are the procedures and methods utilized by
More informationThe Impact of Information Technology on the Audit Process
The Impact of Information Technology on the Audit Process Chapter 12 2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 12-1 Learning Objective 1 Describe how IT improves internal
More informationSpillemyndigheden s Certification Programme Information Security Management System
SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Objectives of the... 3 1.1 Scope of this document... 3 1.2 Version... 3 2 Certification... 3 2.1 Certification frequency... 3 2.1.1 Initial certification...
More informationACDM GUIDELINES TO FACILITATE PRODUCTION OF A DATA HANDLING PROTOCOL
ACDM GUIDELINES TO FACILITATE PRODUCTION OF A DATA HANDLING PROTOCOL BACKGROUND The need was identified by the Electronic Data Transfer Special Interest Group (SIG) for each company or organisation to
More informationInternal Control Systems
D. INTERNAL CONTROL 1. Internal Control Systems 2. The Use of Internal Control Systems by Auditors 3. Transaction Cycles 4. Tests of Control 5. The Evaluation of Internal Control Component 6. Communication
More informationINFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c
INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information
More informationThis interpretation of the revised Annex
Reprinted from PHARMACEUTICAL ENGINEERING The Official Magazine of ISPE July/August 2011, Vol. 31 No. 4 www.ispe.org Copyright ISPE 2011 The ISPE GAMP Community of Practice (COP) provides its interpretation
More informationPolicy Document. Communications and Operation Management Policy
Policy Document Communications and Operation Management Policy [23/08/2011] Page 1 of 11 Document Control Organisation Redditch Borough Council Title Communications and Operation Management Policy Author
More informationInformation Technology General Controls Review (ITGC) Audit Program Prepared by:
Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationStructure of organisations Hierarchical = rigid, slow decision making Flat = flexible, autonomous
This booklet is intended to support your existing revision in your final approach to the first A2 ICT exam. Continue using the past papers, revision materials and revision exercises that you are already
More informationSRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective for all the audits commencing on or after 01 April 2010) CONTENTS
More informationINTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationControl Matters. Computer Auditing. (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising)
Computer Auditing Control Matters (Relevant to ATE Paper 8 Auditing) David Chow, FCCA, FCPA, CPA (Practising) The introduction of a computerized or electronic data processing (EDP) accounting system has
More informationEUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL. EudraLex The Rules Governing Medicinal Products in the European Union
EUROPEAN COMMISSION HEALTH AND CONSUMERS DIRECTORATE-GENERAL Public Health and Risk Assessment Pharmaceuticals Brussels, SANCO/C8/AM/sl/ares(2010)1064599 EudraLex The Rules Governing Medicinal Products
More informationFORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference
FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization
More informationBuild (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)
It is a well-known fact in computer security that security problems are very often a direct result of software bugs. That leads security researches to pay lots of attention to software engineering. The
More informationOECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD
OECD DRAFT ADVISORY DOCUMENT 16 1 THE APPLICATION OF GLP PRINCIPLES TO COMPUTERISED SYSTEMS FOREWARD 1. The following draft Advisory Document will replace the 1995 OECD GLP Consensus Document number 10
More informationPRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs
More informationREVENUE REGULATIONS NO. 9-2009 issued on December 29, 2009 defines the requirements, obligations and responsibilities imposed on taxpayers for the
REVENUE REGULATIONS NO. 9-2009 issued on December 29, 2009 defines the requirements, obligations and responsibilities imposed on taxpayers for the maintenance, retention and submission of electronic records.
More informationIT - General Controls Questionnaire
IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow
More informationPERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE. EIIP Volume VI
Final 7/96 APPENDIX E - PERFORMANCE EVALUATION AUDIT APPENDIX E PERFORMANCE EVALUATION AUDIT CHECKLIST EXAMPLE APPENDIX E - PERFORMANCE EVALUATION AUDIT Final 7/96 This page is intentionally left blank.
More informationService Level Program for Ariba cloud Services. Service Accessibility Warranty Security Miscellaneous
Service Level Program for Ariba cloud Services Service Accessibility Warranty Security Miscellaneous 1. Service Accessibility Warranty a. Applicability. The Service Accessibility Warranty applies to the
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationOperational Risk Publication Date: May 2015. 1. Operational Risk... 3
OPERATIONAL RISK Contents 1. Operational Risk... 3 1.1 Legislation... 3 1.2 Guidance... 3 1.3 Risk management process... 4 1.4 Risk register... 7 1.5 EBA Guidelines on the Security of Internet Payments...
More informationComputer System Validation for Clinical Trials:
Computer System Validation for Clinical Trials: Framework Standard Operating Procedure (F-SOP) Author: Tim Cross Version History: 0.1di DRAFT 24-April-2013 0.2 DRAFT 12-June-2013 Current Version: 1.0 17-June-2013
More informationNova Southeastern University Standard Operating Procedure for GCP. Title: Electronic Source Documents for Clinical Research Study Version # 1
Nova Southeastern University Standard Operating Procedure for GCP Title: Electronic Source Documents for Clinical Research Study Version # 1 SOP Number: OCR-RDM-006 Effective Date: August 2013 Page 1 of
More informationOECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT
GENERAL DISTRIBUTION OCDE/GD(95)115 OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT THE APPLICATION OF THE PRINCIPLES OF GLP TO COMPUTERISED
More informationAn Approach to Records Management Audit
An Approach to Records Management Audit DOCUMENT CONTROL Reference Number Version 1.0 Amendments Document objectives: Guidance to help establish Records Management audits Date of Issue 7 May 2007 INTRODUCTION
More informationINFORMATION SYSTEM AUDITING AND ASSURANCE
CHAPTER INFORMATION SYSTEM AUDITING AND ASSURANCE As more and more accounting and business systems were automated, it became more and more evident that the field of auditing had to change. As the systems
More informationFull Compliance Contents
Full Compliance for and EU Annex 11 With the regulation support of Contents 1. Introduction 2 2. The regulations 2 3. FDA 3 Subpart B Electronic records 3 Subpart C Electronic Signatures 9 4. EU GMP Annex
More informationGuidance for Industry Computerized Systems Used in Clinical Investigations
Guidance for Industry Computerized Systems Used in Clinical Investigations U.S. Department of Health and Human Services Food and Drug Administration (FDA) Office of the Commissioner (OC) May 2007 Guidance
More informationMHRA GMP Data Integrity Definitions and Guidance for Industry January 2015
MHRA GMP Data Integrity Definitions and Guidance for Industry Introduction: Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This
More informationIT OUTSOURCING SECURITY
IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationNHS Business Services Authority Information Security Policy
NHS Business Services Authority Information Security Policy NHS Business Services Authority Corporate Secretariat NHSBSAIS001 Issue Sheet Document reference NHSBSARM001 Document location F:\CEO\IGM\IS\BSA
More informationNewcastle University Information Security Procedures Version 3
Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationSECTION 15 INFORMATION TECHNOLOGY
SECTION 15 INFORMATION TECHNOLOGY 15.1 Purpose 15.2 Authorization 15.3 Internal Controls 15.4 Computer Resources 15.5 Network/Systems Access 15.6 Disaster Recovery Plan (DRP) 15.1 PURPOSE The Navajo County
More informationIAASB. EMERGING PRACTICE ISSUES REGARDING t h e USE o f EXTERNAL CONFIRMATIONS STAFF AUDIT PRACTICE ALERT NOVEMBER 2009.
IAASB NOVEMBER 2009 STAFF AUDIT PRACTICE ALERT International Auditing and Assurance Standards Board The IAASB is an independent standard-setting board of the International Federation of Accountants. EMERGING
More informationNational Occupational Standards in Accounting
National Occupational Standards in Accounting 2 ACCOUNTANCY OCCUPATIONALS STANDARDS GROUP (AOSG) Contents Introduction to the Accounting Standards...4 Accounting Qualification Framework...6 Accounting
More informationInformation Security Policy. Chapter 13. Information Systems Acquisition Development and Maintenance Policy
Information Security Policy Chapter 13 Information Systems Acquisition Development and Maintenance Policy Author: Policy & Strategy Team Version: 0.3 Date: June 2008 Document Control Information Document
More informationNOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0
NOS for IT User and Application Specialist IT Security (ESKITU04) November 2014 V1.0 NOS Reference ESKITU040 ESKITU041 ESKITU042 Level 3 not defined Use digital systems NOS Title Set up and use security
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationHIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics
HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards
More informationCoSign for 21CFR Part 11 Compliance
CoSign for 21CFR Part 11 Compliance 2 Electronic Signatures at Company XYZ Company XYZ operates in a regulated environment and is subject to compliance with numerous US government regulations governed
More informationWHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
More informationSpillemyndigheden s Certification Programme Information Security Management System
SCP.03.00.EN.1.0 Table of contents Table of contents... 2 1 Introduction... 3 1.1 Spillemyndigheden s certification programme... 3 1.2 Objectives of the... 3 1.3 Scope of this document... 4 1.4 Definitions...
More informationThe Danish Bookkeeping Act and the Enterprise
The Danish Bookkeeping Act and the Enterprise The Danish Bookkeeping Act and the Enterprise October 2011 Copyright BDO Statsautoriseret revisionsaktieselskab, October 2011 No reproduction by mechanical,
More informationMHRA GMP Data Integrity Definitions and Guidance for Industry March 2015
MHRA GMP Data Integrity Definitions and Guidance for Industry Introduction: Data integrity is fundamental in a pharmaceutical quality system which ensures that medicines are of the required quality. This
More informationHead of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2
Policy Procedure Information security policy Policy number: 442 Old instruction number: MAN:F005:a1 Issue date: 24 August 2006 Reviewed as current: 11 July 2014 Owner: Head of Information & Communications
More informationOur Impacts: accurate base factor data supporting Audit Ready Output
Our Impacts: accurate base factor data supporting Audit Ready Output Report on third party sourced base factors used within the Our Impacts platform as at 31 January 2014 and the design of internal controls
More informationFORUM ON TAX ADMINISTRATION
ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT FORUM ON TAX ADMINISTRATION Guidance Note: Guidance and Specifications for Tax Compliance of Business and Accounting Software April 2010 CENTRE FOR
More informationFNS40211 CERTIFICATE IV FINANCIAL SERVICES BOOKKEEPING
FNS40211 CERTIFICATE IV FINANCIAL SERVICES BOOKKEEPING POWER UP YOUR CAREER WITH A QUALIFICATION THAT MAKES A DIFFERENCE It is a must have qualification for individuals who possess significant theoretical
More informationSMDG-Interchange EDI - Understanding
1 SMDG-Interchange EDI - Understanding This draft is the result of work carried out by a SMDG-Subgroup. It was set up mainly on TEDIS drafts (May 1991/January 1994) but ideas and comments of EDI Council
More informationDocument Number: SOP/RAD/SEHSCT/007 Page 1 of 17 Version 2.0
Standard Operating Procedures (SOPs) Research and Development Office Title of SOP: Computerised Systems for Clinical Trials SOP Number: 7 Version Number: 2.0 Supercedes: 1.0 Effective date: August 2013
More informationInternal Controls Best Practices
Internal Controls Best Practices This list includes the most common internal controls applied by small to medium sized businesses to their operations. It includes controls that apply to the processes most
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationFundamentals Level Skills Module, Paper F8 (IRL) 1 (a) Audit procedures procurement and purchases system
Answers Fundamentals Level Skills Module, Paper F8 (IRL) Audit and Assurance (Irish) December 2007 Answers 1 (a) Audit procedures procurement and purchases system Procedure Obtain a sample of e-mails from
More information(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002)
(NOTE: ALL BS7799 REFERENCES IN THIS DOCUMENT ARE FROM BS7799-2:1999 and SHOULD BE AMENDED TO REFLECT BS7799-2:2002) 1. Approval and Authorisation Completion of the following signature blocks signifies
More informationProfessional Development Programme on Enriching Knowledge of the Business, Accounting and Financial Studies (BAFS) Curriculum
Professional Development Programme on Enriching Knowledge of the Business, and Financial Studies (BAFS) Curriculum Course 1 : Contemporary Perspectives on Unit 5 : ICT Applications in Technology Education
More informationData Management Policies. Sage ERP Online
Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...
More informationExternal Audit Reviews. Report by Director of Finance
THE HIGHLAND COUNCIL AUDIT AND STANDARDS COMMITTEE 4 DECEMBER 2003 Agenda Item Report No External Audit Reviews Report by Director of Finance SUMMARY The pages that follow contain a report from the Council's
More informationBUSINESS ONLINE BANKING AGREEMENT
BUSINESS ONLINE BANKING AGREEMENT This Business Online Banking Agreement ("Agreement") establishes the terms and conditions for Business Online Banking Services ( Service(s) ) provided by Mechanics Bank
More informationPAYE Online for Employers EDI. Electronic Data Interchange (EDI) EB2 (PAYE) Information Pack
PAYE Online for Employers Electronic Data Interchange (EDI) EB2 (PAYE) 1. Glossary 2. Introduction 3. Background 3.1 What is filing digitally? 4. EDI 4.1 What is EDI? 4.2 Who can use EDI? 5. Benefits 5.1
More informationELECTRONIC COMMERCE SYSTEMS
CHAPTER ELECTRONIC COMMERCE SYSTEMS This chapter discusses one of the most visible segments of the business world today e-commerce. In general terms, the issues involve the electronic processing and transmission
More informationTerms and Conditions for Remote Data Transmission
Terms and Conditions for Remote Data Transmission (Status 31 October 2009) 1. Scope of services (1) The Bank is available to its Customers (account holders) for remote transmission of data by electronic
More information4 Audit under Computerised Information System (CIS) Environment
4 Audit under Computerised Information System (CIS) Environment 4.1 Introduction Information Technology throughout the world has revolutionized and dramatically changed the manner in which the business
More informationPlanning/Administrative. Management & Organization. Application Level Accuracy and Completeness. EDI Systems Audit Program
EDI Systems Audit Program A Planning/Administrative 1 Review the Letter of Understanding and create the APM (Audit Planning Memorandum) accordingly. A-1 DB 02/03 2 Gain a high-level understanding of Auditee
More informationInformation security policy
Information security policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSARM001 S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review of IS Policy\Current
More informationChapter 7 Securing Information Systems
1 Chapter 7 Securing Information Systems LEARNING TRACK 4: GENERAL AND APPLICATION CONTROLS FOR INFORMATION SYSTEMS To minimize errors, disaster, computer crime, and breaches of security, special policies
More informationManual of Information Technology Audit
Manual of Information Technology Audit Volume III Audit Programmes for Specific Applications Office of the Comptroller & Auditor General of India IT Audit Manual Volume III: Audit Programmes for Specific
More informationSOLUTION: AUDIT AND INTERNAL REVIEW, MAY 2014
SOLUTION 1(a) (a) The Auditing guideline points out that the amount or quantity of audit evidence required for the auditor to achieve the level of assurance is a matter of professional judgment. The factors
More informationFMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015
FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria
More informationInformation Systems and Technology
As public servants, it is our responsibility to use taxpayers dollars in the most effective and efficient way possible while adhering to laws and regulations governing those processes. There are many reasons
More informationManaging & Validating Research Data
Research Management Standard Operating Procedure ISOP-H02 VERSION / REVISION: 2.0 EFFECTIVE DATE: 01 03 12 REVIEW DATE: 01 03 14 AUTHOR(S): CONTROLLER(S): APPROVED BY: Information Officer; NBT Clinical
More informationISO27001 Controls and Objectives
Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the
More informationLevel 3 Award in Computerised Accounting Skills
LCCI International Qualifications Level 3 Award in Computerised Accounting Skills Syllabus Effective from: 1 October 2011 For further information contact us: Tel. +44 (0) 8707 202909 Email. enquiries@ediplc.com
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationMusina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-
Musina Local Municipality Information and Communication Technology User Account Management Policy -Draft- Version Control Version Date Author(s) Details V1.0 June2013 Perry Eccleston Draft Policy Page
More informationInformation Security Policy. Information Security Policy. Working Together. May 2012. Borders College 19/10/12. Uncontrolled Copy
Working Together Information Security Policy Information Security Policy May 2012 Borders College 19/10/12 1 Working Together Information Security Policy 1. Introduction Borders College recognises that
More informationUniversity of Liverpool
University of Liverpool Information Security Policy Reference Number Title CSD-003 Information Security Policy Version Number 3.0 Document Status Document Classification Active Open Effective Date 01 October
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationProduct overview. Tempest optional extras. Safe Tempest Internet (STi) Client, worker, consultant and supplier portals
Safe Tempest Internet (STi) Client, worker, consultant and supplier portals Our portals provide direct access to key Tempest data via the web or intranet. This enables functionality e timesheet processes,
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationGeneral IT Controls Audit Program
Contributed February 5, 2002 by Paul P Shotter General IT Controls Audit Program Purpose / Scope Perform a General Controls review of Information Technology (IT). The reviews
More informationLife Cycle of Records
Discard Create Inactive Life Cycle of Records Current Retain Use Semi-current Records Management Policy April 2014 Document title Records Management Policy April 2014 Document author and department Responsible
More informationContents. Section 4 Information Systems in Organisations 195. Section 5 Information: Policy, Strategy and Systems 287
Contents Section 4 Information Systems in Organisations 195 Section 5 Information: Policy, Strategy and Systems 287 Appendix A AQA Specification Summary 350 iv Table of Contents SECTION 4 Chapter 36 Organisational
More information