Today, I had a fieldwork arrangement with my senior, and the client's location was in Petaling Jaya. I used public transportation to reach the place, which is typical for fieldwork arrangements. We conducted a walkthrough to obtain the pending documents on the information request list, and then we proceeded to conduct a sighting of the server room.
During the fieldwork, I approached the finance person in charge to request the required documents for the CAATs test. However, one difficulty we faced was that I was in charge of the Malaysia subsidiary, while my senior was handling the Singapore subsidiary. Although the registered office for both subsidiaries was the same, some specific documentation was separated. For instance, the active user listing was separate, but the IT policy and helpdesk management documentation were the same. Therefore, we had to identify which practices were shared and which ones were not.
We discovered three audit points during the fieldwork. The first point related to the server that hosted the accounting software. The server's Windows version was reaching the end of its life, which posed a risk to the company, as it would no longer receive support or updates from Windows. The second point was related to user access administration. We noticed that there was no formal documentation for user access termination. The last point was related to the server room. We suggested that the company improve physical control by setting up CCTV cameras and smoke detectors.
Main things that I have learnt:
How to handle a situation where the company has two subsidiaries that share the same ITGC practice.
Comment/idea/opinion
N/A