Professional Documents
Culture Documents
IT Workplan ReadMe With Links
IT Workplan ReadMe With Links
Overview of IT Workplans
Technology Layer Technology Element Oracle eBusiness PeopleSoft Application Related Files Oracle eBusiness.zip PeopleSoft.zip
SAP
Generic Application DB2 Oracle database Database SQL database Generic Database AS400/OS400 UNIX/Linux (AIX, HP-UX, Solaris, Red Hat) Operating Systems Windows Domain Controller
SAP.zip
Generic Application.zip DB2.zip Oracle.zip SQL.zip Generic Database.zip AS400.zip UNIX/Linux.zip Windows DC.zip
Generic Network
How to Use
Leverage workplan to document control testing that address IT risks at the technology element layer. Leverage technology specific design assessment and Operating effectiveness testing considerations unique to each control Leverage guidance and background information for testing controls and to view common requests for each control/procedure If performing D&I only audit, use implementation procedures instead of operating effectiveness procedures (which are already included in the IT Audit Workplan Template.
Contains implementation procedures if performing a non-integrated audit where only Design and Implementation procedures are relevant. Also contains control/procedure testing guidance and background information.
Design considerations are indicative of what may be tested for design, in addition to assessment of each of the 7 design factors in the workplan. These considerations can be replaced with entity specific information that address the considerations after they are considered and do not need to be maintained in the workplan after consideration.
Operating effectiveness test procedures (starts in cell B120 for each control tab)
Implementation procedures are included in the Appendix to be leveraged if IT specialists are performing a non-integrated audit where only design and implementation procedures are being performed. These procedures can replace the operating effectiveness procedures that are included in the IT Workplan Template. Note that the procedures here are very similar to the OE procedures, but extent of testing is reduced and no procedures are included to focus on the assessment of completeness and accuracy of IPE.
General information related to the control have been included that may provide additional insights to the control and technology, which may be helpful when performing test procedures. Because this information is informational only, it has not been included in the IT Workplan Template.
Common information requests or technology commands have been included here (where available/relevant) to assist the IT Specialist with requesting information that may be relevant to obtain when testing the control activity.
Other controls are also included that may be common or relevant to multiple IT elements
(e.g., Physical access to data centers and computer rooms is appropriately restricted to personnel who require access to perform their assigned duties.
Form 1860S was used when developing the risks and related controls for each IT Audit Workplan Each risk in the 1860S document denotes the technology element which the risk and related controls is related to in association with our audits Certain risks/controls may be relevant to all IT elements, such as those related to Physical Security, and as such the IT Audit workplans include control procedures that may not be IT element specific. You may remove these risks/controls/procedures from the workplan if they are addressed in another manner on your audit engagement.
Questions or Feedback?
Please contact Kelly Rau and Tim Dixon if you: Have questions regarding the workplans Have suggestions for additional controls or procedure modifications
About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2013 Deloitte Development LLC. All rights reserved. 36 USC 220506 Member of Deloitte Touche Tohmatsu Limited