Académique Documents
Professionnel Documents
Culture Documents
Period ended
Audit Objective
Does the organisation of data processing provide for adequate segregation of duties?
Audit Procedures
Review the company organisation chart, and the data processing department organisation chart.
Yes/No Comments
n System design
n Application programming
n Computer operations
n Database administration
n Systems programming
ITAuditCL.doc Page 1 of 25
Yes/No Comments
n Initiating transactions?
n Recording of transactions?
n Correction of errors?
ITAuditCL.doc Page 2 of 25
PROGRAM MAINTENANCE AND SYSTEM DEVELOPMENT
Audit Objective
Development and changes to programs are authorised, tested, and approved, prior to being
placed in production.
Program Maintenance
Audit Procedures
(i) Review details of the program library structure, and note controls which allow only
authorised individuals to access each library.
Yes/No Comments
ITAuditCL.doc Page 3 of 25
Yes/No Comments
System Development
ITAuditCL.doc Page 4 of 25
Yes/No Comments
ITAuditCL.doc Page 5 of 25
Purchased Software
Yes/No Comments
Audit Objective
Is access to data files restricted to authorised users and programs?
Access to Data
n Computer room?
n On-site library?
n Off-site library?
ITAuditCL.doc Page 6 of 25
Yes/No Comments
Computer Processing
ITAuditCL.doc Page 7 of 25
Database
Yes/No Comments
Audit Procedure
(i) Note procedures for issuing, amending, and deleting passwords.
ITAuditCL.doc Page 8 of 25
Yes/No Comments
ITAuditCL.doc Page 9 of 25
Yes/No Comments
APPLICATION CONTROLS
Input
Audit Objective
Do controls provide reasonable assurance that for each transaction type, input is authorised,
complete and accurate, and that errors are promptly corrected?
ITAuditCL.doc Page 10 of 25
Yes/No Comments
Audit Objective
The controls provide reasonable assurance that transactions are properly processed by the
computer and output (hard copy or other) is complete and accurate, and that calculated items
have been accurately computed:
n Headed
n Pages numbered
n Dated
ITAuditCL.doc Page 11 of 25
Yes/No Comments
Viruses
ITAuditCL.doc Page 12 of 25
Yes/No Comments
INTERNET
ITAuditCL.doc Page 13 of 25
Yes/No Comments
CONTINUITY OF OPERATIONS
A PHYSICAL PROTECTION
1 Fire Hazard
Fire resistance:
ITAuditCL.doc Page 14 of 25
Yes/No Comments
n Smoking restriction
Fire detection:
Fire extinction:
Fire emergency:
Fire practices:
ITAuditCL.doc Page 15 of 25
Yes/No Comments
2 Water Damage
3 Air Conditioning
4 Power Supply
ITAuditCL.doc Page 16 of 25
Yes/No Comments
5 Communications Network
Alarms
Extinguishers
B ACCESS CONTROL
ITAuditCL.doc Page 17 of 25
Yes/No Comments
2 Access Control:
n Screening by a guard
n Locks/combinations
n Electronic badge/key
n Other (specify)
3 Visitor Control:
ITAuditCL.doc Page 18 of 25
Yes/No Comments
4 Terminal Security:
5 General Security
C PERSONNEL POLICIES
ITAuditCL.doc Page 19 of 25
Yes/No Comments
D INSURANCE
n Equipment?
n Storage media?
E BACK-UP PROCEDURES
ITAuditCL.doc Page 20 of 25
Yes/No Comments
3 Off-site Storage:
4 Data Files:
Tape
ITAuditCL.doc Page 21 of 25
Yes/No Comments
Disc
5 Software:
Operating procedures
6 Operations
ITAuditCL.doc Page 22 of 25
Yes/No Comments
ITAuditCL.doc Page 23 of 25
Yes/No Comments
- END OF CHECKLIST -
ITAuditCL.doc Page 24 of 25