Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on


Published in: Business
  • Be the first to comment

  • Be the first to like this


  1. 1. Techserv Systems Audit Executive Brief Application Systems Audit Application Control Objectives Our Assurance on IT Controls’ Adequacy . Effectiveness . Efficiency “Promoting Systems Integrity”
  2. 2. The Systems audit process involves the conduct of specific procedures to provide an appropriate “Companies with IT level of assurance about the subject matter. Our Governance have profits assurance professionals undertake assignments that are 20% higher than designed to provide assurance at varying levels, other companies pursuing ranging from single information criteria to all seven information criteria. similar strategies” Every systems audit engagements will adhere to our standard systems audit methodology of which our consultants are qualified to perform the work. I'm not suggesting there The methodology would address how the work is are any errors at all. I'm to be performed, what work is to be performed, saying that without a and how the findings will be reported based on various characteristics of the assignment as well proper audit, there's no as the nature of the results obtained. way to be sure. ~ Pete Williams quotes APPLICATION SYSTEMS AUDIT CONTROL OBJECTIVES Source Data Preparation and Authorization Ensure that source documents are prepared by authorized and qualified personnel following established procedures, taking into account adequate segregation of duties regarding the origination and approval of these documents. Errors and omissions can be minimized through good input form design. Detect errors and irregularities so they can be reported and corrected. Source Data Collection and Entry Establish that data input is performed in a timely manner by authorized and qualified staff. Correction and resubmission of data that were erroneously input should be performed without compromising original transaction authorization levels. Where appropriate for reconstruction, retain original source documents for the appropriate amount of time. Accuracy, Completeness and Authenticity Checks Ensure that transactions are accurate, complete and valid. Validate data that were input, and edit or send back for correction as close to the point of origination as possible. Processing Integrity and Validity Maintain the integrity and validity of data throughout the processing cycle. Detection of erroneous transactions does not disrupt the processing of valid transactions. Output Review, Reconciliation and Error Handling Establish procedures and associated responsibilities to ensure that output is handled in an authorized manner, delivered to the appropriate recipient, and protected during transmission; that verification, detection and correction of the accuracy of output occurs; and that information provided in the output is used. Transaction Authentication and Integrity Before passing transaction data between internal applications and business/operational functions (in or outside the enterprise), check it for proper addressing, authenticity of origin and integrity of content. Maintain authenticity and integrity during transmission or transport.
  3. 3. APPLICATION CONTROLS A1 - Input authorization A2 - Batch Controls A3 - Input Validation A4 – Rejection of Transaction A5 – Batch Integrity A6 – Processing Procedures A7 – Output Controls A8 – Application Access G2 G3 A9 - Log Management G4 G1 G5 A1 G18 A9 A2 G6 G17 Application A8 Information A3 G7 Infrastructure People G16 Suppliers G8 A7 A4 G15 A6 A5 G9 G14 G10 G13 G12 G11 GENERAL CONTROLS G1 - IT Process Definition G10 – Continuity of Operation G2 - IT Human Resources G11 – IT Security G3 - Risk Management G12 – Problem Management G4 - Software Development G13 - Manage data G5 - Technology Maintenance G14 - Physical environment G6 - IT Operation & Usage G15 - Manage operations G7 - Manage changes G16 - IT performance G8 - Software Testing G17 - Internal control G9 - Third-party services G18 - Compliance
  4. 4. SYSTEMS AUDIT METHODOLOGY PHASE 1 PHASE 2 PHASE 3 PHASE 4 ENGAGEMENT CONTROL AUDIT AUDIT SCOPING ASSESSMENT REPORTING FOLLOW-UP Project discussion Tailor Methodology Tailor audit report Verify Audit Audit Scope Finalize methodology template findings closure Draft Proposal Project Planning Finalize audit report Project Kick-off Proposal Discussion template General Control review Proposal Finalization Compile report Application Control Team Formation review Review report Project Logistics Weekly Project Review Discuss draft Findings discussion Finalize report Management meeting Arul nambi Cell +91 9892504538 Tel. 91 – 22 – 28573170 E-MAIL : “Promoting Systems Integrity”