Previous | Table of Contents | Next |
PROCEDURES
To satisfy the audit program, the following procedures were done.
Submitted to file,
__Auditor__
__Title___
WORKPAPER INDEX - CHANGE MANAGEMENT D-Index
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
D-Memo | Summary memo for this audit area |
D-Point | Audit point(s) for this audit area |
D-1 | Review of questionnaire responses |
D-2 | Testing of change management procedures |
D-3 | |
D-4 | |
D-5 | |
D-6 | |
D-7 | |
D-8 | |
D-9 | |
D-99 | Other procedures |
REVIEW OF QUESTIONNAIRE RESPONSES D-1.1
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
I have reviewed the responses to the questionnaire section dealing with change management. A copy of that section follows this working paper as 1.2. All of the items requiring further discussion, investigation, or other follow-up are described below, and referenced by the letter (and audit point reference where appropriate) shown in the left column.
Reference | Audit Point | Description |
---|---|---|
| | |
TESTING OF CHANGE MANAGEMENT PROCEDURES D-2
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
I have selected a judgmental sample of ten program changes that took place over the last 12 months preceding the audit for testing. These changes were tested for reasonable business purpose for the change, evidence of documentation and testing, and appropriate IT or user managements approval.
Changed program | Business reason | Documentation and testing | Management approval |
---|
Based on the procedures performed and results obtained, my opinion is that____________________.
WORKPAPER TITLE D-3
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
WORKPAPER TITLE D-4
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
OTHER PROCEDURES D-99
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
SUMMARY MEMO - CHANGE MANAGEMENT D Memo
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
OBJECTIVE
The objective in this area was to determine if changes to the system hardware and software are being managed in such a way as to minimize or eliminate the risk of disruption or other problem to the production environment.
CONCLUSION
Based on the work done in this area, my opinion is that the controls over change management are/not adequate.
FINDINGS
The conclusion(s) above were made considering the following specific findings:
PROCEDURES
To satisfy the audit program, the following procedures were done.
Submitted to file,
__Auditor__
__Title___
WORKPAPER INDEX - BACKUP, RECOVERY, ... E-Index
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
E-Memo | Summary memo for this audit area |
E-Point | Audit point(s) for this audit area |
E-1 | Review of questionnaire responses |
E-2 | Evaluation and testing of backups |
E-3 | Evaluation and testing of disaster recovery plan |
E-4 | Evaluation and testing of overall recovery strategy |
E-5 | |
E-6 | |
E-7 | |
E-8 | |
E-9 | |
E-99 | Other procedures |
REVIEW OF QUESTIONNAIRE RESPONSES E-1.1
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
I have reviewed the responses to the questionnaire section dealing with backup, recovery, and contingency planning. A copy of that section follows this working paper as 1.2. All of the items requiring further discussion, investigation, or other follow-up are described below, and referenced by the letter (and audit point reference where appropriate) shown in the left column.
Reference | Audit Point | Description |
---|---|---|
| | |
BACKUP STRATEGY: EVALUATION AND TESTING E-2
Prepared by / date ___AUDITOR___ _96/month/day
Approved by / date _________ _96/____/____
Note: Delete or strike out unneeded lines.
Previous | Table of Contents | Next |