Today, I am nearing completion of the Company “MY” CAATs test, and I plan to shift my focus to the ITGC portion of the audit. I have gathered all the necessary evidence and am now in the process of drafting the paperwork and management letter.
Based on the evidence I have collected; I can confidently say that the company has excellent control over its IT operations. They have made significant strides since the previous year's audit, implementing several of the recommendations raised.
During the review, I noticed that even though the admin ID of the financial system is held by IT personnel, there is no practice in place to be the audit trail of superuser activities. As a result, I have included this point in my management letter and sent the report to my director for re.
As the day draws to a close, I will focus on completing the audit working paper and management letter. Additionally, I will upload the evidence documents to the server, allowing my director to access them as necessary.
Main things that have learnt
• To understand the purpose to conduct super user ID audit trail review.
Comment/idea/opinion
It is good to notice that the client did follow our suggestion to strengthen their information technology general control. Hence, we can that our role is important as the suggestion we have given will prevent the company from IT risk.
Comments