Previous Table of Contents Next


MASTER TICK MARK LEGEND AA-Legend

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

This tick mark legend applies to all of the workpapers for this engagement. Supplemental legends may be found in individual audit areas or on specific workpapers.

F footed (if below)/crossfooted (if beside)
SF scan footed
Ö indicated attribute tested without exception
wp ref.fi (traced from the indicated workpaper
wp ref. traced to the indicated workpaper

AUDIT PLANNING MEMO AA-1

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

OVERVIEW

The audit of __ in __, __ will take place during the week of __. The audit will have the following emphases:

data center general controls; and
a telecommunications overview.

Field time is __ days, with __ manager(s), __ senior auditor(s); and __ staff auditor(s) assigned to the fieldwork.

SPECIFIC OBJECTIVES

The objectives for this assignment are to evaluate IT general controls:

1. administration; 2. physical security; 3. logical security; 4. change management; 5. backup, recovery, and contingency planning; 6. data center operations.

APPROACH

The approach selected will begin with the information technology control questionnaire appropriate to this location (or having the most recent one updated, if appropriate); getting the current information on prior recommendations and carryforward documents, and basic discussions with the client. This is followed by fieldwork, which should include discussions, documentation reviews, direct testing, and other procedures as deemed necessary.

Local personnel will be kept informed at all times regarding the status and potential findings related to the procedures performed. This will culminate in an exit conference with appropriate local personnel. Materials distributed during the exit meeting may be any appropriate combination of the audit point summary, a summarized agenda format, or a preliminary audit report draft.

Final audit report development and issuance will follow standard audit procedures.

LOCAL CONTACTS

Plant manager
Controller
IT manager
Programmer/Analyst

STAFFING

The staff personnel assigned to this job include:

Manager(s):
Senior(s):
Staff:

TIMING

The audit will be executed with a total budget of __ days; __ days in the field during the week(s) of __; with the balance allocated to office time for administrative matters and report issuance.

Submitted to file,

__Auditor__

__Title____

AUDIT PROGRAM AA-2

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

REVIEW OF CARRYFORWARD DOCUMENTATION AA-3

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have reviewed the carryforward workpapers. My observations/comments/ questions/etc. are shown below, organized in the order of the items included in the carryforward workpapers.


Note:  Strike out any items not available or excluded from review.

CF-10 General controls questionnaire booklet

CF-20 Data processing inventory documents

CF-20.1 hardware inventory
CF-20.2 software inventory
CF-20.3 organization chart
CF-20.4 contingency recovery plan
CF-20.5 network diagram
CF-20.6 control manuals
CF-20.7 job descriptions
CF-20.8 personal computer inventory
CF-20.9 data processing long-range plan
CF-20.10 MIS service/programming request form
CF-20.11 user profile maintenance form
CF-20.12 current project backlog listing
CF-20.13 systems development and maintenance standards
CF-20.14 data processing budget
CF-20.15 sample programmer documentation
CF-20.16 sample user documentation
CF-20.17 system utilization analyses
CF-20.18 data processing error log
CF-20.19 personal computer user guidelines
CF-20.20 human resources transfer/termination list
CF-20.21 testing procedures for fire security systems
CF-20.22 continuing education records

CF-30 System value listing

ENTRANCE CONFERENCE AA-4

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

An entrance meeting was held on with the following personnel:

  
  
  
  
  (myself)

We discussed the following items:

  the audit scope (described in the A-1 planning memo)
  the expected audit timing (as shown in the A-11 correspondence)
  personnel to talk to in regards to the various scope items
  audit finalization and reporting procedures

They posed the following questions and potential scope adjustments for the audit:

  
  
  
  

No other noteworthy matters took place during the meeting.

RESOLUTION OF ENTRANCE CONFERENCE QUESTIONS / ISSUES AA-5

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

STATUS OF PRIOR RECOMMENDATIONS A-6

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I have reviewed the prior audit report which is included as AA-6.2 in these workpapers. There were two areas of recommendation in that report.

FACILITY TOUR AA-7

Prepared by / date ___AUDITOR___ _96/month/day

Approved by / date _________ _96/____/____

I was taken on a plant tour by _??_ on _ Month _ Day _ , _ Year _. During that tour, I noted the following:

  Item 1
  Item 2
  Item 3
  Item 4
  Item 5


Previous Table of Contents Next