IT Audit Working Paper - Checklist


Client Name
Period ended

Contributed August 23, 2001 by Khurram Uqaili (khurram@khurramuqaili.net)

Information Systems Checklist
Audit Programme

ITAuditCL.doc, Page 1 of 25

ORGANISATION AND ADMINISTRATION

Audit Objective
Does the organisation of data processing provide for adequate segregation of duties?

Audit Procedures
Review the company organisation chart, and the data processing department organisation chart.

Yes/No    Comments

1. Is there a separate EDP department within the Company?
2. Is there a steering committee, and are its duties and responsibilities for managing MIS clearly defined?
3. Has the Company developed an IT strategy linked with the long and medium term plans?
4. Is the EDP Department independent of the user department and in particular the accounting department?
5. Are there written job descriptions for all jobs within the EDP department, and are these job descriptions communicated to designated employees?
6. Are EDP personnel prohibited from having incompatible responsibilities or duties in user departments and vice versa?
7. Are there written specifications for all jobs in the EDP Department?
8. Are the following functions within the EDP Department performed by separate sections:
   - System design
   - Application programming
   - Computer operations
   - Database administration
   - Systems programming
   - Data entry and control?
9. Are the data processing personnel prohibited from duties relating to:
   - Initiating transactions?
   - Recording of transactions?
   - Master file changes?
   - Correction of errors?
10. Are all processing prescheduled and authorised by appropriate personnel?
11. Are there procedures to evaluate and establish who has access to the data in the database?
12. Are the EDP personnel adequately trained?
13. Are systems analysts and programmers denied access to the computer room and limited in their operation of the computer?
14. Do any of the computer operators have programming knowledge?
15. Are operators barred from making changes to programs and from creating or amending data before, during, or after processing?
16. Is the custody of assets restricted to personnel outside the EDP department?
17. Is a strategic data processing plan developed by the company for the achievement of the long-term business plan?
18. Are there any key personnel within the IT department whose absence can leave the company with limited expertise?
19. Are there any key personnel who are being over-relied upon?
20. Is EDP audit being carried out by an internal auditor or an external consultant to ensure compliance with policies and controls established by management?

PROGRAM MAINTENANCE AND SYSTEM DEVELOPMENT

Audit Objective
Development and changes to programs are authorised, tested, and approved, prior to being placed in production.

Program Maintenance

Audit Procedures
(i) Review details of the program library structure, and note controls which allow only authorised individuals to access each library.
(ii) Note the procedures used to amend programs.
(iii) Obtain an understanding of any program library management software used.

1. Are there written standards for program maintenance?
2. Are these standards adhered to and enforced?
3. Are these standards reviewed regularly and approved?
4. Are there procedures to ensure that all programs required for maintenance are kept in a separate program test library?
5. Are programmers denied access to all libraries other than the test library?
6. Are changes to programs initiated by written request from the user department and approved?
7. Are changes initiated by the Data Processing Department communicated to users and approved by them?
8. Are there adequate controls over the transfer of programs from production into the programmer's test library?
9. Are all systems developed or changes to existing systems tested according to user approved test plans and standards?
10. Are tests performed for system acceptance and test data documented?
11. Are transfers from the development library to the production library carried out by persons independent of the programmers?
12. Do procedures ensure that no such transfer can take place without the change having been properly tested and approved?
13. Is a report of program transfers into production reviewed on a daily basis by a senior official to ensure only authorised transfers have been made?
14. Are all program changes properly documented?
15. Are all changed programs immediately backed up?
16. Is a copy of the previous version of the program retained (for use in the event of problems arising with the amended version)?
17. Are there standards for emergency changes to be made to application programs?
18. Are there adequate controls over program recompilation?
19. Are all major amendments notified to Internal audit for comment?
20. Are there adequate controls over authorisation, implementation, approval and documentation of changes to operating systems?

System Development

1. Are there formalised standards for system development life cycle procedure?
2. Do they require authorisation at the various stages of development – feasibility study, system specification, testing, parallel running, post implementation review, etc.?
3. Do the standards provide a framework for the development of controlled applications?
4. Are standards regularly reviewed and updated?
5. Does adequate system documentation exist for:
   - Programmers to maintain and modify programs?
   - Users to satisfactorily operate the system?
   - Operators to run the system?
6. Has the internal audit department been involved in the design stage to ensure adequate controls exist?
7. Testing of programs - see Program Maintenance.
8. Procedures for authorising new applications to production - see Program Maintenance.
9. Are user and data processing personnel adequately trained to use the n
