
IT Risk Assessment Audit Program

Columns: Area | Procedures | Status | Notes

A. Strategic Plan
1. Obtain a copy of the five-year rolling strategic plan for (insert year) and (insert year).
2. Through inspection, verify that the strategic plan was updated for (insert year).

B. Individual Bonuses
1. Inquire with the VP-HR as to the process for determining bonus payouts.
2. Obtain documentation (policies, guidelines) related to the Incentive Compensation Plan that is in place.

C. Employee Goals
1. Inquire with the VP of HR concerning the process for employees to follow for determining Critical Success Factors.
2. Obtain documentation (i.e. policies, guidelines, or communications from HR) regarding the CSF process.

D. Strategy
1. Obtain agendas, meeting minutes, documentation and plans resulting from the (insert year) offsite strategy meeting.
2. Verify that the attendees of the meeting included the top X individuals of the company.
3. Through inspection, verify that the company's performance in relation to the strategic plan, as well as strategic developments and their related benefits and risks, were discussed.

D. Budget and Forecast
1. Generate a random sample of two months from the period selected for testing, (insert date) to (insert date).
2. Obtain copies of the X Report, verifying it was completed for the months selected for testing.
3. Inquire with Finance personnel to verify that senior and executive management review the monthly X Report.

E. Scope
1. Obtain documentation related to the financial statement risk analysis.

F. Fraud Risk Assessment
1. Through inquiry, determine how the fraud risk assessment is performed.
2. Obtain a copy of the fraud risk assessment meeting minutes and supporting documentation.
3. Verify that potential fraud scenarios and mitigating controls were discussed.

G. Mitigation of Financial Reporting Risk
1. Obtain copies of the company's SOX documentation.
2. Through inspection, verify that plans to mitigate risks in Financial Reporting are included in the SOX documentation.

H. Disclosure
1. Generate a random sample of two quarters from the period selected for testing.
2. Obtain a copy of the Disclosure Committee member's certification of the Quarterly Report.
3. Through inspection, verify that the Disclosure Committee performed a review of controls and information to determine disclosure requirements, as evidenced via signed certification.

I. Organizational Structure
1. Obtain the Company's documentation concerning the X System.
2. Obtain evidence that the roles within the company have been assigned complexity levels in order to determine the appropriate organizational structure.

J. Five Year Plan
1. Obtain a copy of the five-year rolling strategic plan for (insert year) and (insert year).
2. Through inspection, verify that the strategic plan was updated for (insert year).

Status:
Notes:
