After yesterday identifying the ineffective control in Accurus, for today, I faced some uncertainties and plan to further inquiry clients for the things I am not clear about. We communicate the queries through email, below are the questions I emailed to the client and also the replies I got received.
Q1: May I know what is the name of the ERP system Accurus Scientific Co., Ltd is using?
A1: WorkFlow ERP
Q2: I would like to check with you who is holding the user ID of ‘Accountant’?
A2: It is held by accountants when they are doing audits for the company.
Q3: May I obtain a listing of the user access matrix for six samples of staff
A3: Yes, we will provide it to you.
Q4: May I have the screenshot of your password setting for the Windows system?
A4: Yes, we will provide it to you.
Q5: May I ask, as per the enclosed screenshot, for the AD superusers, may I know which departments/ /positions/titles are held by Mr. Henry Wang, Mr. Hugo Lin, and Mr. Kok-Lin Heng?
A5: They are the chairman, general manager, and deputy general manager of the company.
Q6:
i) Who is able to authorize the migration process for system changes, perhaps you can provide me his/her names and positions/titles.
ii) Who can perform the migration process for system changes? It is only the service provider that will perform the migration? Perhaps you can also provide me with his/her names and positions/titles.
iii) What is the procedure for the migration process for system change, perhaps you can briefly explain it.
iv) For the five incident report emails (异常排除), do you reply to the senders when the reported incident is resolved? If yes, kindly provide us the screenshot of the replied emails.
Q6: Can we arrange a short meeting as I don't understand the questions?
For the last question, we then end up arranging a meeting for us to describe what are the questions we really want to ask.
Main things that have learned
-To further inquiry client for Accurus Scientific Ltd ITGC audit
Comment/idea/opinion
N/A
Comments