Previous Table of Contents Next


PROCEDURES

To satisfy the audit program, the following procedures were done.

  Questionnaire responses were reviewed
  Vendor-supplied passwords, password syntax and change parameters, and user profile management procedures were tested
  Profiles were compared for consistency and exceptions

Submitted to file,

__Auditor__

__Title___

WORKPAPER INDEX - CHANGE MANAGEMENT D-Index

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

D-Memo Summary memo for this audit area
D-Point Audit point(s) for this audit area
D-1 Review of questionnaire responses
D-2 Testing of change management procedures
D-3
D-4
D-5
D-6
D-7
D-8
D-9
D-99 Other procedures

REVIEW OF QUESTIONNAIRE RESPONSES D-1.1

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have reviewed the responses to the questionnaire section dealing with change management. A copy of that section follows this working paper as 1.2. All of the items requiring further discussion, investigation, or other follow-up are described below, and referenced by the letter (and audit point reference where appropriate) shown in the left column.

Reference Audit Point Description
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

TESTING OF CHANGE MANAGEMENT PROCEDURES D-2

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have selected a judgmental sample of ten program changes that took place over the last 12 months preceding the audit for testing. These changes were tested for reasonable business purpose for the change, evidence of documentation and testing, and appropriate IT or user management’s approval.

Changed program Business reason Documentation and testing Management approval

       
       
       
       
       
       
       
       
       
       
       

Based on the procedures performed and results obtained, my opinion is that____________________.

WORKPAPER TITLE D-3

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

WORKPAPER TITLE D-4

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

OTHER PROCEDURES D-99

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

SUMMARY MEMO - CHANGE MANAGEMENT D Memo

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

OBJECTIVE

The objective in this area was to determine if changes to the system hardware and software are being managed in such a way as to minimize or eliminate the risk of disruption or other problem to the production environment.

CONCLUSION

Based on the work done in this area, my opinion is that the controls over change management are/not adequate.

FINDINGS

The conclusion(s) above were made considering the following specific findings:

  
  
  

PROCEDURES

To satisfy the audit program, the following procedures were done.

  The internal control questionnaire responses were reviewed
  Change management procedures were tested to the extent possible
  

Submitted to file,

__Auditor__

__Title___

WORKPAPER INDEX - BACKUP, RECOVERY, ... E-Index

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

E-Memo Summary memo for this audit area
E-Point Audit point(s) for this audit area
E-1 Review of questionnaire responses
E-2 Evaluation and testing of backups
E-3 Evaluation and testing of disaster recovery plan
E-4 Evaluation and testing of overall recovery strategy
E-5
E-6
E-7
E-8
E-9
E-99 Other procedures

REVIEW OF QUESTIONNAIRE RESPONSES E-1.1

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have reviewed the responses to the questionnaire section dealing with backup, recovery, and contingency planning. A copy of that section follows this working paper as 1.2. All of the items requiring further discussion, investigation, or other follow-up are described below, and referenced by the letter (and audit point reference where appropriate) shown in the left column.

Reference Audit Point Description
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

BACKUP STRATEGY: EVALUATION AND TESTING E-2

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____


Note:  Delete or strike out unneeded lines.


Previous Table of Contents Next