IT6
Name/s: ARAGON, Althene Nicole G. Schedule: MW 1:00-2:30 PM
Section: M31
EXER. FT 1: IT AUDIT PROGRAM FOR TEST OF GENERAL CONTROLS
1. Operating System Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
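An added example (not part of the original worksheet) of how procedure 3 and the password-policy objective could be tested on a Unix-like server: it reads account entries in the /etc/shadow field layout and lists accounts that need no password or whose password age exceeds policy. The sample entries, the function name audit_shadow and the 90-day limit are constructed assumptions.

```python
# Constructed sample in the /etc/shadow field layout (no real accounts or hashes):
# name:password:last_change:min_age:max_age:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
root:$6$constructedsalt$constructedhash:19800:0:90:7:::
alice:$6$constructedsalt$constructedhash:19750:0:99999:7:::
bob::19700:0:90:7:::
daemon:*:19000:0:99999:7:::
carol:!$6$constructedsalt$constructedhash:19600:0:90:7:::
"""

MAX_AGE_LIMIT = 90  # assumed policy value; take the real one from the written policy


def audit_shadow(text, max_age_limit=MAX_AGE_LIMIT):
    """Return (account, finding) pairs for entries that fail the checks."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 5:
            # An unreadable entry is itself an audit exception.
            findings.append((f"line {lineno}", "malformed entry"))
            continue
        name, password, max_age = fields[0], fields[1], fields[4]
        if password == "":
            # Empty password field: the account can log on without a password.
            findings.append((name, "no password required"))
            continue
        if password.startswith(("!", "*")):
            # Locked or non-login account: password log-on is not possible.
            continue
        if not max_age.isdigit() or int(max_age) > max_age_limit:
            findings.append((name, "password age exceeds policy"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_shadow(SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```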
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
REFERENCES
1. Hall, J. A. (2011). Accounting Information Systems (7th ed.). Cengage Learning.
2. Data Management Controls
AUDIT OBJECTIVES
1. To verify that individuals who are authorized to use the database are limited to
accessing only the data needed to perform their duties.
2. To verify that unauthorized individuals are denied access to the database.
3. To verify that database backup controls are adequate to facilitate the recovery of
lost, destroyed, or corrupted data.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
3. Computer Center Security and Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
4. IT Organizational Structure Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
5. System Development Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
6. System Maintenance Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
7. Internet and Intranet Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
8. Electronic Data Interchange Controls
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?
9. Computer Controls (Stand-Alone Environment)
AUDIT OBJECTIVES
1. To verify that access privileges are granted in a manner that is consistent with
the need to separate incompatible functions and is in accordance with the
organization’s policy.
2. To ensure that the organization has an adequate and effective password policy
for controlling access to the operating system.
3. To verify that effective management policies and procedures are in place to
prevent the introduction and spread of destructive programs, including viruses,
worms, back doors, logic bombs, and Trojan horses.
4. To ensure that the established system audit trail is adequate for preventing and
detecting abuses, reconstructing key events that precede system failures, and
planning resource allocation.
POSSIBLE ERRORS + IRREGULARITIES
1. Unauthorized access
2. Virus infection
3. Cybercrime attacks
AUDIT PROCEDURES
1. Review the organization’s policies for separating incompatible functions and
ensure that they promote reasonable security.
2. Review the users’ permitted log-on times.
3. Verify that all users are required to have passwords.
4. Verify that the current version of antiviral software is installed on the server and
that upgrades are regularly downloaded to workstations.
5. Select a sample of security violation cases and evaluate their disposition to
assess the effectiveness of the security group.
INTERNAL CONTROL CHECKLIST
1. How does the company keep unwanted / unauthorized access out of their
system?
2. What is the company’s policy with regard to the users’ passwords?
3. Are the permitted users’ passwords strong enough to avoid unauthorized
access?
4. Does the company employ excellent antivirus software?