Day 20 (14 Nov 2022)

Today, I will start to carry out a task regarding information technology general control or commonly known as ‘ITGC’ audit work, this task’s purpose is to test the effectiveness of a company’s general control that it applies to their information technology matters. It is important for a company to have proper control over its information technology, especially nowadays, when cybersecurity, ransomware, and all these kind of things started to become popular and common, the company itself need to build a defense system to protect its information system. Does it relate to the accounting or audit field? Yes, for sure it does, it has a significant relationship with the audit works, the purpose of audit work, the financial audit is to test whether there is any loophole that allows the staff to steal the company assets, if it is not being safeguarded properly, the information system can be one of the loopholes staff use it for their personal interest. Imagine that a financial staff who can access the audit trail and able to modify it, can record a transaction that transfers company money to his own account, then he can secretly delete this audit trail, and nobody going to realize it. So it is important for our role, as an information system auditor to inspect the company’s ITGC as it might directly affect the engagement audit team’s work because if the system is not trustable then we can also say the financial statement is not reliable.

So after knowing the importance of the ITGC audit, I started to go through all the information given by Kar Enn. There are five folders, the first is the folder created for me to put my work, the second folder is the previous work from another company that Kar Enn gave me for reference purposes, the third folder is the evidence client gave based on our information request list, the fourth folder is the previous year working record, the last folder is to store our planning document and the prepared information request list.

The thing I did today is to go through all the evidence given by the client, then I need to double check with our information request list to see whether the client provided us with all the documents we want or not if not we can follow up with a client for the missing documents. I started going through all the documents given by the client and found that the document they gave are quite complete and then I labeled each of the documents following the table below:

For each of the subfolders, I will put the relevant documents inside it, it is all done to ease the next following process.

Main things that have learned

• I learned about the importance of ITGC audit

• I started the ITGC audit by grouping the evidence document and labeling it accordingly

Comment/idea/opinion

The task I performed today allow me to have an idea of the importance of ITGC for a company and so how important it is for the role of an information system auditor to conduct an ITGC audit work.