Techserv

Systems Audit: Executive Brief

Application Systems Audit
Application Control Objectives

Our Assurance on IT Controls’ Adequacy . Effectiveness . Efficiency

“Promoting Systems Integrity”

The systems audit process involves the conduct of specific procedures to provide an appropriate level of assurance about the subject matter. Our assurance professionals undertake assignments designed to provide assurance at varying levels, ranging from a single information criterion to all seven information criteria.

Every systems audit engagement adheres to our standard systems audit methodology, and our consultants are qualified to perform the work. The methodology addresses how the work is to be performed, what work is to be performed, and how the findings will be reported, based on various characteristics of the assignment as well as the nature of the results obtained.

“Companies with IT Governance have profits that are 20% higher than other companies pursuing similar strategies”

“I'm not suggesting there are any errors at all. I'm saying that without a proper audit, there's no way to be sure.”
~ Pete Williams

  APPLICATION SYSTEMS AUDIT CONTROL OBJECTIVES

  Source Data Preparation and Authorization
  Ensure that source documents are prepared by authorized and qualified personnel following established
  procedures, taking into account adequate segregation of duties regarding the origination and approval of
  these documents. Errors and omissions can be minimized through good input form design. Detect errors
  and irregularities so they can be reported and corrected.

  Source Data Collection and Entry
  Establish that data input is performed in a timely manner by authorized and qualified staff. Correction and
  resubmission of data that were erroneously input should be performed without compromising original
  transaction authorization levels. Where appropriate for reconstruction, retain original source documents
  for the appropriate amount of time.

  Accuracy, Completeness and Authenticity Checks
  Ensure that transactions are accurate, complete and valid. Validate data that were input, and edit or send
  back for correction as close to the point of origination as possible.

  Processing Integrity and Validity
  Maintain the integrity and validity of data throughout the processing cycle. Detection of erroneous
  transactions does not disrupt the processing of valid transactions.

  Output Review, Reconciliation and Error Handling
  Establish procedures and associated responsibilities to ensure that output is handled in an authorized
  manner, delivered to the appropriate recipient, and protected during transmission; that verification,
  detection and correction of the accuracy of output occurs; and that information provided in the output is
  used.

  Transaction Authentication and Integrity
  Before passing transaction data between internal applications and business/operational functions (in or
  outside the enterprise), check it for proper addressing, authenticity of origin and integrity of content.
  Maintain authenticity and integrity during transmission or transport.

APPLICATION CONTROLS

  A1 - Input Authorization
  A2 - Batch Controls
  A3 - Input Validation
  A4 - Rejection of Transaction
  A5 - Batch Integrity
  A6 - Processing Procedures
  A7 - Output Controls
  A8 - Application Access
  A9 - Log Management

  [Figure: diagram placing Application, Information, Infrastructure, People and Suppliers at the centre, surrounded by application controls A1 to A9 and general controls G1 to G18]

GENERAL CONTROLS

  G1  - IT Process Definition
  G2  - IT Human Resources
  G3  - Risk Management
  G4  - Software Development
  G5  - Technology Maintenance
  G6  - IT Operation & Usage
  G7  - Manage changes
  G8  - Software Testing
  G9  - Third-party services
  G10 - Continuity of Operation
  G11 - IT Security
  G12 - Problem Management
  G13 - Manage data
  G14 - Physical environment
  G15 - Manage operations
  G16 - IT performance
  G17 - Internal control
  G18 - Compliance

SYSTEMS AUDIT METHODOLOGY

  PHASE 1 - ENGAGEMENT SCOPING
    Project discussion
    Audit Scope
    Draft Proposal
    Proposal Discussion
    Proposal Finalization
    Team Formation
    Project Logistics

  PHASE 2 - CONTROL ASSESSMENT
    Tailor Methodology
    Finalize methodology
    Project Planning
    Project Kick-off
    General Control review
    Application Control review
    Weekly Project Review
    Findings discussion

  PHASE 3 - AUDIT REPORTING
    Tailor audit report template
    Finalize audit report template
    Compile report
    Review report
    Discuss draft
    Finalize report
    Management meeting

  PHASE 4 - AUDIT FOLLOW-UP
    Verify Audit findings closure

Arul Nambi
Cell +91 9892504538
Tel. 91 – 22 – 28573170
E-MAIL : aruln@techservconsult.com
www.techservconsult.com