General Controls
The general controls should be implemented before application controls, as they are much more cost effective for Shopathon. They should be implemented and carried out efficiently by the IT Department. Furthermore, there seem to be some issues with the current software system, including a high human error rate, a lack of segregation of duties and below-standard accuracy in the transfer from input to output. As this is a first-time audit of Shopathon, it is highly recommended to perform substantive procedures, as the current controls cannot be relied upon until they have been assessed appropriately. It should also be noted that a change in software systems before the year end would require more substantive procedures, while a change in software systems after year end would be followed up on during the subsequent year.

In order to assess the general controls of Shopathon, there are some questions we would need to discuss with the client to determine how effective they are. For example, we would inquire of the IT department to find out whether they have a disaster recovery plan in place and then determine its effectiveness. Following this, we would need to find out what version of the current software is being used in order to be able to compare it with the newer software system.

The following procedures will need to be performed on each of the controls to determine any deficiencies and follow up with recommendations.

Processing Officer Timely Basis Checks
Test: We will test this control by inspecting the processing officer on a sample of days throughout the year to make sure that they are actually performing checks on the entry clerks.
Inactive User Accounts
Test: I will perform a series of tests by creating or using inactive accounts (with permission) to determine whether, upon access, the user is sent a notification that their account has been accessed. I will also not reply to one of these emails to determine whether a Shopathon staff member calls me to confirm proper authentication. I will also check Shopathon’s system logs to determine that all accesses performed by me have the time and date stamped accurately.
Deficiency: There may be an issue with the amount of time that passes before an account becomes inactive. In this generation, users tend to access their accounts frequently.
Recommendation: I recommend setting the inactivity period to less than 8 months, for example, to prevent any form of fraud or unauthorized access.
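
The inactive-account test above can be reconciled mechanically, as in this added example (not part of the original audit plan or of Shopathon's systems). The account names, log layouts, the 240-day cut-off standing in for "less than 8 months", and the 60-second and 15-minute tolerances are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (hypothetical accounts and formats, not Shopathon's).
LAST_ACTIVITY = {"acct_a": "2023-01-10", "acct_b": "2023-09-01", "acct_c": "2022-11-30"}
TESTER_ACCESSES = [("acct_a", "2023-10-02T09:15:00"), ("acct_c", "2023-10-02T09:40:00")]
SYSTEM_LOG = [("acct_a", "2023-10-02T09:15:04"), ("acct_c", "2023-10-02T10:40:02")]
NOTIFICATIONS = [("acct_a", "2023-10-02T09:16:10")]

def parse(ts):
    return datetime.fromisoformat(ts)

def inactive_accounts(last_activity, as_of, max_idle_days):
    """Accounts with no activity for longer than max_idle_days as of the test date."""
    cutoff = parse(as_of) - timedelta(days=max_idle_days)
    return sorted(a for a, ts in last_activity.items() if parse(ts) < cutoff)

def reconcile(accesses, system_log, notifications, clock_tol_s=60, notify_window_s=900):
    """Compare the auditor's own access record with the system log and notifications."""
    findings = []
    for account, when in accesses:
        t = parse(when)
        # Every test access must appear in the system log with an accurate timestamp.
        logged = [parse(ts) for a, ts in system_log if a == account]
        if not logged:
            findings.append((account, "access not logged"))
        elif min(abs((lt - t).total_seconds()) for lt in logged) > clock_tol_s:
            findings.append((account, "log timestamp inaccurate"))
        # Every test access must trigger a notification shortly afterwards.
        notified = any(
            a == account and 0 <= (parse(ts) - t).total_seconds() <= notify_window_s
            for a, ts in notifications
        )
        if not notified:
            findings.append((account, "no notification sent"))
    return findings

if __name__ == "__main__":
    print("Inactive:", inactive_accounts(LAST_ACTIVITY, "2023-10-02", 240))
    for finding in reconcile(TESTER_ACCESSES, SYSTEM_LOG, NOTIFICATIONS):
        print("Finding:", finding)
```

Each finding maps to one leg of the test: a missing or mistimed log entry is a logging deficiency, and a missing notification is the case where a follow-up call from Shopathon staff would never be triggered.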

