6.4 Audit under computerised information systems. Identification and testing of relevant IT general controls (ITGC) during an audit – Audit of public sector undertakings – Integrated reporting

July 4, 2023

Audit under Computerized Information Systems: Audit under computerized information systems involves assessing the internal controls and reliability of financial information processed through computer systems. It focuses on understanding and evaluating the IT environment, including IT general controls (ITGC) and application controls. Here’s an overview of the identification and testing of relevant ITGC during an audit:

Identification of IT General Controls (ITGC): ITGC are controls that provide a foundation for the effective functioning of an organization’s IT systems. They include controls over the organization’s overall IT infrastructure, access controls, program development, program changes, and IT operations. Common ITGC include:

  1. Access Controls: Controls to ensure appropriate user access rights, segregation of duties, and user authentication and authorization.
  2. Change Management Controls: Controls to manage and track changes to application systems, including testing and approval processes.
  3. System Development Controls: Controls over the development and implementation of new or modified systems to ensure accuracy, completeness, and integrity.
  4. IT Operations Controls: Controls related to the operation and management of IT systems, such as data backup and recovery procedures, system performance monitoring, and incident management.

Testing of IT General Controls (ITGC): During an audit, the auditor performs testing procedures to assess the operating effectiveness of ITGC. This typically involves:

  1. Documentation Review: Reviewing documentation such as IT policies, procedures, and control manuals to understand the design of ITGC.
  2. Walkthroughs: Conducting walkthroughs to observe the implementation and effectiveness of ITGC in practice.
  3. Sample Testing: Selecting a sample of transactions and testing the application of ITGC to confirm they operate effectively.
  4. Observation and Inquiry: Observing the IT staff and inquiring about their responsibilities and adherence to ITGC.
  5. Data Analysis: Performing data analysis procedures to identify anomalies or inconsistencies in data processed through IT systems.

Audit of Public Sector Undertakings: Auditing public sector undertakings involves evaluating the financial statements, compliance with applicable laws and regulations, and efficiency and effectiveness of operations of government-owned entities. It includes specific considerations such as:

  1. Compliance with Public Sector Accounting Standards: Assessing compliance with accounting standards specific to the public sector.
  2. Review of Budgetary Controls: Evaluating budgetary controls and comparing actual performance with budgeted amounts.
  3. Governance and Oversight: Assessing the effectiveness of governance structures and oversight mechanisms in place.
  4. Performance Measurement: Evaluating the performance measurement systems used by public sector undertakings to assess their efficiency and effectiveness.
  5. Regulatory and Legal Compliance: Ensuring compliance with specific regulations applicable to public sector entities.

Integrated Reporting: Integrated reporting refers to the presentation of a holistic view of an organization’s performance, considering not only financial aspects but also its social, environmental, and governance dimensions. It aims to provide stakeholders with a comprehensive understanding of the organization’s value creation and sustainability. Key considerations for integrated reporting include:

  1. Materiality Assessment: Identifying and reporting on the organization’s most significant impacts, risks, and opportunities, both financial and non-financial.
  2. Stakeholder Engagement: Engaging with stakeholders to understand their interests and expectations and reporting on how the organization meets those expectations.
  3. Integration of Financial and Non-Financial Information: Presenting a cohesive narrative that integrates financial and non-financial information, demonstrating the organization’s long-term value creation.
  4. Future-oriented Perspective: Providing insights into the organization’s strategy, risks, and prospects for sustainable development.
  5. Governance and Risk Management: Reporting on the organization’s governance structures, risk management practices, and internal controls.