Board Room - PM 2

Questions to be considered when obtaining an understanding of entity’s use of IT

The below questions should be considered when obtaining an understanding of an entity’s use of IT in
the critical path of a SCOT and the related flow of information.

General questions
• Have significant changes to the critical path of the SCOT, the flow of information, or the IT
applications¹ used in the SCOT occurred or are planned to occur in the audit period?
• Are applications that support the SCOT considered to be ‘out of scope’?
• Are service providers used to provide/host IT applications used in the SCOT?
• Do service providers or other third parties have access to IT applications used in the SCOT?
• Are WCGWs related to inappropriate transaction-level user access and access to incompatible
IT application functions identified?

Initiation
• What applications are used to initiate transactions?
• Is more than one application used to initiate a transaction (e.g. IT applications for mobile/remote
devices, EDI transactions, bots)?
• Are there multiple instances of the same IT application used to initiate transactions?
• Can transactions be initiated via a file transfer and what are the file transfer processes and
relevant IT application(s)?
• Are there IT applications without users, including stored procedures in databases, that may not be
known to process owners used in the transaction initiation?
• How are transactions initiated, and what information or files are used during transaction
initiation?

Recording and processing

• What IT applications and databases are used to record and process transactions?
• What are the automated or manual interfaces between the applications and databases used to
initiate transactions and those that record and process transactions?
• Are automated tools used to facilitate the transfer of information between IT applications (e.g.
message queues, staging databases) or transform the data?
• Is a data warehouse or other database used in generating IPE or in the recording or processing of transactions?
• Are there IT applications without users, including stored procedures in databases, that may not be
known to process owners used in the recording and processing of transactions?
• If reference information (e.g., pricing, sales tax rates) is used in the recording and processing of
transactions, is input and maintenance of that information identified?

Reporting to the general ledger


• What IT applications and databases are used to report transactions (i.e., record to the general ledger)?
• How is information accumulated and transferred (including whether the interface is automated or
manual) to the general ledger?
• Are automated tools used to facilitate the transfer of information between IT applications (e.g.
message queues, staging databases)?
• Is a data warehouse or other database used to support recording of transactions to the general ledger?
• Are there IT applications without users, including stored procedures in databases, that may not be
known to process owners used in the recording of transactions to the general ledger?
• What applications, including data warehouses or other databases, are used in the preparation of
the financial statements and significant disclosures?

IPE considerations

There is IPE associated with every ITDM control and manual control we test, and we must identify it
and address the relevant risks. A good method for identifying IPE prepared or used as input by
management in the execution of controls is to read control statements. The information used or
prepared in those controls should be clearly stated.

Contacts for questions


Refer to EY GAM or contact your region’s FAIT Leader for additional information.

¹ An IT application is a set of programs that helps an entity process transactions along the critical paths of SCOTs and
significant disclosure processes or produce IPE that is able to be subjected to IT processes and controls. Groups of programs
that are relevant to processing data and may lack formal IT application names are considered IT applications for our work.
Examples of such tools include data transformation programs and interface programs. IT applications may not have business
users. Programs written in end user computing tools such as Visual Basic in Microsoft Excel or Microsoft Access may not
be designed to be able to be subjected to IT processes and controls and are not IT applications as defined here.