Today, we are scheduled to perform fieldwork for a company that is planning to go for an initial public offer (IPO). As a result, we need to expedite our process on both ITGC and CAATs tests to ensure that their financial statements are accurate and reliable for potential investors.
During our ITGC audit, we identified several critical audit points. Firstly, we noticed that finance users are sharing one ID for financial postings, and this ID is an admin ID with full access. This is a significant concern as shared IDs make it impossible to trace transactions back to individual users.
Secondly, we observed that the finance manager carries out the backup of the application system, which poses a risk of theft. We recommended that the client move the offsite backup to a more secure location, such as the manager's home or cloud backup.
Thirdly, we noted that the company does not practice backup restoration, which means they are unable to determine if the backup is restorable or not.
We conducted an exit meeting with the client and presented our findings and recommendations. Fortunately, the client agreed to take our suggestions seriously and make quick improvements to their ITGC practices to give potential investors confidence in the company's financial statements.
Main things that have learnt:
To learn how to present audit findings in an effective and polite way.
Comment/idea/opinion
N/A
Comments