Add to collection(s) Add to saved
  1. Business
  2. Finance
  3. Corporate Finance

Information System Audit Checklist A hardware review evaluates the structure of:

advertisement 
Information System Audit Checklist
A hardware review evaluates the structure of:
1. the system fileservers
2. workstations
3. network hubs
4. wiring
5. communication devices
6. laptops
7. printers
8. peripherals
Software evaluations cover:
1. operating systems
2. critical applications
3. licensing
4. upgrade policies
5. user training
6. standardization and more.
Documentation covers the details of:
1. system components
2. log files
3. disaster recovery plans
4. user policies.
A system environment review entails:
1. critical system functions
2. management attitudes
3. training policies
4. key technology personnel
5. information system budgeting
6. other system requirements.
Security examines:
1. access controls
2. passwords
3. internal controls on key applications
4. backup systems.
Example of issues regarding hardware include:
1. fileserver integrity
2. hard drive space
3. amount of RAM
4. processor speed
5. drive partition information
6. operating system versions.
The auditor also must assess the risk of the server going down, as well as:
1. Does the server have enough capacity?
2. Is the performance adequate for the environment?
3. Should the operating system be upgraded to the latest service release?
4. Are there any incompatible elements embedded in the system?
5. Is data storage optimized for access speed and end-user ease of use?
Software examination explores:
1. critical applications;
2. number of licensed concurrent users;
3. version levels;
4. interaction with other applications;
5. where and how applications are executed;
6. input and output controls;
7. database structure;
8. level and type of support by the software vendor.
Conclusions the auditor will make regarding software may include whether or not:
1. users are adequately segregated by functions within accounting and operation
applications;
2. there are an appropriate number of software licenses;
a. for multiple installed applications, such as Microsoft Office,
i. are the versions consistent;
b. data is stored in a logical, secure and easy access format; and application service
patches are up-to-date?






Documentation auditing validates that the client is proactively planning for
contingencies.
System documentation and disaster recovery plans are critical in case of disasters where
portions or even all of an information system needs to be rebuilt.
Log tiles record information about system errors, intruder access attempts, nightly backup
status and e-mail glitches. These logs are early warning systems and should be reviewed
regularly.
Written policies, for computer users, provide a defensible position against employee
wrongdoing.
It is a simple procedure to verify that a client has adequate up-to-date documentation.
System environment review is, of course, one of the first steps in an information system
audit. The auditor needs to understand managements' attitude toward their information
system. Examples of questions to ask are:
o How much do they depend on their system?
o What is the current technology budget?
o What is the information system personnel's experience and educational
background?
o Does the company have adequate third-party tech support?
o Does the company encourage continuing technology education?
Security issues may be the most critical to a information system audit. Security breaches can lead
to severe damage. One disgruntled employee can go home, dial into a system and completely
destroy it with very little trace. In one situation, an employee who was terminated deleted the
password file on the Domain Name Server and locked the company out of more than 800 PCs for
a week.
 Are all passwords changed regularly, especially the system administrator's?
 An auditor's checklist would have uncovered this weak point and could have averted the
disaster, saving the company approximately 100 times the cost of the audit engagement..
Related documents
Exercise 1. You are an internal auditor assigned to perform... center. On reviewing the operations policy and procedures manuals, you...
Exercise 1. You are an internal auditor assigned to perform... center. On reviewing the operations policy and procedures manuals, you...
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Board of Trustees Report to the Audit Committee February 13, 2014
Board of Trustees Report to the Audit Committee February 13, 2014
NORTH PENN SCHOOL DISTRICT School Board Policy
NORTH PENN SCHOOL DISTRICT School Board Policy
Activity 3
Activity 3
Audit opinions
Audit opinions
Adhri (Auditing) Findings
Adhri (Auditing) Findings
General IT Controls
General IT Controls
Audit analysis procedures
Audit analysis procedures
436356489-Audit-in-Cis-Environment
436356489-Audit-in-Cis-Environment
Audit & Risk Management Committee Charter 1 General Scope and Authority
Audit & Risk Management Committee Charter 1 General Scope and Authority
Basic principles governing an Audit
Basic principles governing an Audit
aud reviewer
aud reviewer
Free Demo of IIA-CRMA Dumps Pdf
Free Demo of IIA-CRMA Dumps Pdf
IIA-CRMA-demo
IIA-CRMA-demo
Aviation Audit procedure
Aviation Audit procedure
quizzer-auditing-theory
quizzer-auditing-theory
CIS411 Assignment6 Kurt Clark
CIS411 Assignment6 Kurt Clark
MEETING OF THE AUDIT COMMITTEE OF THE BOARD OF TRUSTEES HOUSTON COMMUNITY COLLEGE
MEETING OF THE AUDIT COMMITTEE OF THE BOARD OF TRUSTEES HOUSTON COMMUNITY COLLEGE
Sharing the UK Experience Audience:
Sharing the UK Experience Audience:
ISA-210 -Agreeing-the-Terms-of-Audit-Engagement
ISA-210 -Agreeing-the-Terms-of-Audit-Engagement
ch 6 short notes
ch 6 short notes
Download
advertisement