Audit Scope
The objective of this audit is to assist UNCCG in reviewing its enterprise data warehouse
technology platform. The scope of work for this audit will consist of <XXXX> hours of
professional services and the objectives for this audit will include a review of the following
control points:
• Data Warehouse Management
  o Data Warehouse Governance
  o Financial Management
  o Risk Management
  o Human Resources
  o Portfolio Project Management
• Data Warehouse Operations
  o DW Architecture and Integration
  o Systems Development and Testing
  o Change Management
  o System Monitoring
  o Problem Management
  o Logical Security
  o Data Transmission
  o Metadata
• Business Integration
  o Service Delivery (Business Process Integration and Analysis)
  o Project Management
  o Help Desk
Audit Approach
Our approach for the execution of this audit engagement will consist of interviews with key
employees, review of documents, inspections, data extractions and the usage of applicable
audit tools. The audit will consist of the components described below. The phases are listed
in sequential order and should provide an overview of the sequencing of the proposed
engagement.
Phase descriptions and deliverables

1. Mobilization phase – GF Consulting will perform the following:
• Develop and provide to UNCCG an advanced data request (ADR) of the
relevant documents and materials that will support our fieldwork.
• Develop and provide to UNCCG an initial interview list of those business
and IT professionals that we anticipate needing to meet with in order to
perform this audit.
• Develop an audit program to guide activities during the course of this
audit. The audit program guide should include a list of the controls that would
be reviewed along with a defined approach for understanding the design
of the control and how it would be tested to determine if it was operating
effectively.
Deliverables:
• Advanced data requests (see appendix for a sample request)
• Interview lists of key employees that we would like to interview (see
appendix for a sample list)
• Detailed Audit Program document(s) for each of the following areas: Data
Warehouse Management, Data Warehouse Operations and Business
Integration.

2. Execution phase – Once the audit program has been finalized, and the
appropriate resources have been identified, fieldwork will proceed in
accordance with the audit plan.
Deliverables:
• Results from the execution of the detailed Audit Program
• Working papers that support the results from the detailed Audit Program

3. Reporting phase – All IT audit work is summarized in the IT audit report.
Our team will compile and present a draft report to UNCCG management within
three weeks of completing the execution phase. The purpose of this draft is
discussion and incorporation of any comments prior to issuing a final report
to UNCCG.
Deliverables:
• Draft report for discussion containing an executive summary, audit findings
and recommendations for improvement.
• Final report with edits and comments from UNCCG management
Risk Assessment
Based on the information provided by UNCCG during our initial conversation, combined with
our understanding about the business environment in which UNCCG operates, we have
formulated the following risk considerations that we understand are relevant to your
business. Our goal is to incorporate these risk considerations in our audit program to be
developed in the Mobilization Phase of this engagement.
Risk category: Regulatory Risk
1 As a publicly traded company, UNCCG is subject to compliance with the Sarbanes-Oxley
Act of 2002 (SOX). As a result, UNCCG’s management must:
• Accept responsibility for the effectiveness of the company’s internal control over
financial reporting.
• Evaluate the effectiveness of the company’s internal control over financial
reporting using suitable control criteria.
• Support its evaluation with sufficient evidence, including documentation.
• Present a written assessment of the effectiveness of the company’s internal
control over financial reporting as of the end of the company’s most recent fiscal
year.
Although this legal requirement may not have a direct impact on the data warehouse
applications subject to this audit, since they are not categorized as “financial reporting
related” applications, it may have an indirect impact if technology infrastructure is
shared between the financial reporting systems and the data warehouse
applications. Technology infrastructure (operations, security, processes, people) that
supports financial reporting systems is subject to SOX compliance requirements.
Risk category: Technology/Reputational Risk
2 Privacy regulations
The Personal Data Privacy & Security Act of 2005 bill states that organizations must
“adopt reasonable procedures to ensure the security, privacy and confidentiality of
personally identifiable information” and notify relevant governing bodies when security
breaches occur. The bill also states that, if there is reason to believe the stolen data can
be used for identity theft, then the organization must make public notification. We have
seen increased pressure in the marketplace pushing companies toward a better
defined and better controlled data privacy environment. We understand that a
significant portion of UNCCG’s revenue comes from check card, credit card and debit card
transactions, in which some consumer information is collected, processed and may or
may not be stored. It is our understanding that payment information is
processed externally. In addition, UNCCG’s consumer loyalty program collects and
stores private consumer information such as telephone numbers, addresses, names and
a history of purchases. Based on those facts, we understand that current and future
privacy regulations are a relevant risk to UNCCG’s business, with both a
regulatory impact and a brand impact, given the fact that future privacy breaches
will be required to be made public.
Risk category: Operational Risk
3 External Vendor’s access to enterprise data
Based on the information provided by UNCCG during our initial conversations, we
understand that credit and debit card payment processing is outsourced with an external
vendor.
In addition, UNCCG indicated that it relies on a third party vendor, located in India, to
perform program change and program development functions for the data warehouse (DW)
management system. This external vendor has remote access to the UNCCG environment.
We understand that, even though UNCCG has outsourced program change and program
development functions to a third party vendor, it is still responsible for ensuring the
accuracy, completeness and appropriateness of program changes and developments on the
DW environment.
In order to perform their business function, both these vendors will have the ability to get
access to sensitive enterprise data including consumer information. Based on that fact, we
consider that this is a relevant risk to the company’s IT environment.
Risk category: Credit Risk/Technology Risk
4 Unavailability of credit and/or debit card processing application
We understand that a significant portion of UNCCG’s revenue comes from check card,
credit card and debit card transactions, which are processed externally (for approval
purposes) and stored by one of the company’s mainframe-based systems (for
reconciliation and historic purposes). Unavailability of either the external processing vendor
or the mainframe-based system would cause point of sale (POS) systems at the stores
to operate in an “offline mode”, and only cash payments would be allowed until
functionality is completely restored. Based on that information, we consider that
unavailability of card payment applications is a relevant risk to the business that has a
direct impact on the customer’s perception of quality of service and a direct impact on
sales.
Communications
Through regular meetings and ongoing communication with management, we will establish
a relationship of openness and teamwork through which we can discuss significant audit
findings, recommendations for improving internal controls or operations, and current
industry issues (or any other issues management wishes to discuss), and ultimately
develop solid solutions without surprises. We commit to holding regular meetings with
management, both formally and informally, to foster such a relationship.
Management letters and communication are an important element of professional service.
It is our policy to discuss our findings and recommendations with the appropriate members
of management prior to issuance so that we can verify factual accuracy. Our final report
will only include findings and recommendations considered significant. Other matters will be
communicated throughout the engagement and during our regular meetings and fieldwork.
Planned schedule
GF Consulting estimates this engagement will require approximately xxxx weeks of effort,
and we are prepared to begin fieldwork on a date mutually agreed upon with UNCCG. In
addition, we understand the final report for this audit must be completed no later than July
15, 2006.
APPENDIX I – Sample Advanced Data Request
The following information would be helpful in evaluating the existing data warehouse
environment to the extent it already exists.
1. Organization Charts
a. Technology (Development and Operations)
b. Business
2. Telephone Directory
3. User Documentation
a. Data warehouse user training guides
b. Data warehouse user operational manuals
4. Systems documentation
a. Application architecture (including an explanation of any automated interfaces)
b. Systems operations overview (platform and network)
c. Third party vendor agreements
5. Management procedures and policies
a. Operations Management (system monitoring, maintenance, and/or scheduled
support)
b. Information Security (logical access)
c. Change Management (change control and configuration management)
d. Business Continuity Plan(s)
e. Disaster Recovery Plan(s)
f. Problem Management
APPENDIX II – Sample Interview request
The following is a list of individuals we anticipate will be asked to participate in a
one-hour interview with one of our team members. The schedule will be arranged by our team
with regard to UNCCG’s personnel commitments and priorities. Other interviews may be
determined necessary as we make progress, and we will make our best efforts to
communicate this as soon as possible so they can be scheduled in a non-disruptive manner.
Individual | Role
Jerry Lewis | Chief Information Officer
Brunno Rodriguez | Chief Security Officer
Chris Poknis | Vendor Relationship Manager
Andy Tatum | IT Operations Manager
Andrew Deloach | Database Administrator (DBA)
Chris Maiden | Data Warehouse Lead
Mike Maher | Data Warehouse Service Delivery Manager
Josh Smith | Data Warehouse Architect
Amanda Fernandez | SAP Project Lead
Steve Lucas | Data Warehouse Senior Analyst
Cracking the Cultural Competence Code.pptxWorkforce Group
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsMichael W. Hawkins
 

Dernier (20)

Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Organizational Transformation Lead with Culture
Organizational Transformation Lead with CultureOrganizational Transformation Lead with Culture
Organizational Transformation Lead with Culture
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 

Sample audit plan

  • 1. Audit Scope The objective of this audit is to assist UNCCG in reviewing its enterprise data warehouse technology platform. The scope of work for this audit will consist of <XXXX> hours of professional services and the objectives for this audit will include a review of the following control points:  Data Warehouse Management o Data Warehouse Governance o Financial Management o Risk Management o Human Resources o Portfolio Project Management  Data Warehouse Operations o DW Architecture and Integration o Systems Development and Testing o Change Management o System Monitoring o Problem Management o Logical Security o Data Transmission o Metadata  Business Integration o Service Delivery (Business Process Integration and Analysis) o Project Management o Help Desk Audit Approach Our approach for the execution of this audit engagement will consist of interviews with key employees, review of documents, inspections, data extractions and the usage of applicable audit tools. The audit will consist of the components described below. The phases are listed in sequential order and should provide an overview of the sequencing of the proposed engagement. Phase description Deliverables 1. Mobilization phase– GF Consulting will perform the following:  Develop and provide to UNCCG an advanced data request (ADR) of the relevant documents and materials that will support our fieldwork.  Develop and provide to UNCCG an initial interview list of those business and IT professionals that we anticipate • Advanced data requests (see appendix for a sample request) • Interview lists of key employees that we would like to interview (see appendix for a sample list) • Detailed Audit Program document(s) for each of
  • 2. needing to meet with in order to perform this audit.  Develop an audit program to guide activities during the course of this audit. The audit program guide should include a list of the controls that would be reviewed along with a defined approach for understanding the design of the control and how it would be tested to determine if it was operating effectively. the following areas: Data Warehouse Management, Data Warehouse Operations and Business Integration. 2. Execution phase – Once the audit program has been finalized, and the appropriate resources have been identified, fieldwork will proceed in accordance with the audit plan. • Results from the execution of the detailed Audit Program • Working papers that support the results from the detailed Audit Program 3. Reporting phase – All IT audit work is summarized in the IT audit report. Our team will compile and present a draft report to UNCCG management within three weeks of completing the execution phase. The purpose of this draft is discussion and incorporation of any comments prior to issuing a final report to UNCCG. • Draft report for discussion containing an executive summary, audit findings and recommendations for improvement. • Final report with edits and comments from UNCCG management Risk Assessment Based on the information provided by UNCCG during our initial conversation, combined with our understanding about the business environment in which UNCCG operates, we have formulated the following risk considerations that we understand are relevant to your business. Our goal is to incorporate these risk considerations in our audit program to be developed in the Mobilization Phase of this engagement. Risk category: Regulatory Risk 1 As a publicly traded company, UNCCG is subject to compliance with the Sarbanes-Oxley Act of 2002 (SOX). As a result, UNCCG’s management must: • Accept responsibility for the effectiveness of the company’s internal control over financial reporting. 
• Evaluate the effectiveness of the company’s internal control over financial reporting using suitable control criteria. • Support its evaluation with sufficient evidence, including documentation.
  • 3. • Present a written assessment of the effectiveness of the company’s internal control over financial reporting as of the end of the company’s most recent fiscal year. Although this legal requirement may not have a direct impact on the data warehouse applications subject to this audit, since it is not categorized as a “financial reporting related” application, it may have an indirect impact in the case that technology infrastructure is common among the financial reporting systems and the data warehouse applications. Technology infrastructure (operations, security, processes, people) that support financial reporting systems are subject to SOX compliance requirements. Risk category: Technology/Reputational Risk 2 Privacy regulations The Personal Data Privacy & Security Act of 2005 bill states that organizations must “adopt reasonable procedures to ensure the security, privacy and confidentiality of personally identifiable information” and notify relevant governing bodies when security breaches occur. The bill also states that, if there is reason to believe the stolen data can be used for identity theft, then the organization must make public notification. We have seen increased pressure in the marketplace pushing companies to move to a better defined and better controlled data privacy controls environment. We understand that a significant portion of UNCCG’s revenue comes from check cards, credit and debit card transactions on which some consumer information is collected, processed and may or may not be stored. It is our understanding that payment information processing is processed externally. In addition, UNCCG’s consumer loyalty program collects and stores consumer private information such as telephone numbers, addresses, names and a history of purchases. 
Based on those facts, we understand that current and future privacy regulations are a relevant risk to the business at UNCCG that has both a regulatory impact and also a brand impact, given the fact that future privacy breaches will be required to be made public. Risk category: Operational Risk 3 External Vendor’s access to enterprise data Based on the information provided by UNCCG during our initial conversations, we understand that credit and debit card payment processing is outsourced with an external vendor. In addition, UNCCG indicated that it relies on a third party vendor, located in India, to perform program change and program development functions for the data warehouse (DW) management system. This external vendor has remote access to the UNCCG environment. We understand that, even though UNCCG has outsourced program change and program development functions to a third party vendor, it is still responsible for ensuring the accuracy, completeness and appropriateness of program changes and developments on the DW environment. In order to perform their business function, both these vendors will have the ability to get access to sensitive enterprise data including consumer information. Based on that fact, we consider that this is a relevant risk to the company’s IT environment.
  • 4. Risk category: Credit Risk/Technology Risk 4 Unavailability of credit and/or debit card processing application We understand that a significant portion of UNCCG’s revenue comes from check card, credit card and debit card transactions, which are processed externally (for approval purposes) and stored by one of the company’s mainframe based systems (for reconciliation and historic purposes). Unavailability of either the external processing vendor or of the mainframe-based system would cause point of sales systems (POS) at the stores to operate in an “offline mode” and only cash payments would be allowed, until functionality is completely restored. Based on that information, we consider that unavailability of card payment applications is a relevant risk to the business that has a direct impact on the customer’s perception of quality of service and a direct impact on sales. Communications Through regular meetings and ongoing communication with management, we will establish a relationship of openness and teamwork through which we can discuss significant audit findings, recommendations for improving internal controls or operations, and current industry issues (or any other issues management wishes to discuss), and ultimately develop solid solutions without surprises. We commit to holding regular meetings with management, both formally and informally, to foster such a relationship. Management letters and communication are an important element of professional service. It is our policy to discuss our findings and recommendations with the appropriate members of management prior to issuance so that we can verify factual accuracy. Our final report will only include findings and recommendations considered significant. Other matters will be communicated throughout the engagement and during our regular meetings and fieldwork. 
Planned schedule GF Consulting estimates this engagement will require approximately xxxx weeks of effort, and we are prepared to begin fieldwork on a date mutually agreed upon with UNCCG. In addition, we understand the final report for this audit must be completed no later than July 15, 2006.
  • 5. APPENDIX I – Sample Advanced Data Request
    The following information would be helpful in evaluating the existing data warehouse environment to the extent it already exists.
    1. Organization Charts
       a. Technology (Development and Operations)
       b. Business
    2. Telephone Directory
    3. User Documentation
       a. Data warehouse user training guides
       b. Data warehouse user operational manuals
    4. Systems documentation
       a. Application architecture (including an explanation of any automated interfaces)
       b. Systems operations overview (platform and network)
       c. Third party vendor agreements
    5. Management procedures and policies
       a. Operations Management (system monitoring, maintenance, and/or scheduled support)
       b. Information Security (logical access)
       c. Change Management (change control and configuration management)
       d. Business Continuity Plan(s)
       e. Disaster Recovery Plan(s)
       f. Problem Management
  • 6. APPENDIX II – Sample Interview request
    The following is a list of individuals we anticipate will likely be requested to participate in a one-hour interview with one of our team members. Schedule will be arranged by our team in observance of UNCCG’s personnel commitments and priorities. Other interviews may be determined necessary as we make progress and we will make our best efforts to communicate this as soon as possible so it can be scheduled in a non-disruptive manner.
    Individual: Role
    Jerry Lewis: Chief Information Officer
    Brunno Rodriguez: Chief Security Officer
    Chris Poknis: Vendor Relationship Manager
    Andy Tatum: IT Operations Manager
    Andrew Deloach: Database Administrator (DBA)
    Chris Maiden: Data Warehouse Lead
    Mike Maher: Data Warehouse Service Delivery Manager
    Josh Smith: Data Warehouse Architect
    Amanda Fernandez: SAP Project Lead
    Steve Lucas: Data Warehouse Senior Analyst