Information Technology Audit Universe - DOC

Description

Information Technology Audit Universe document sample

Shared by: zzy11091

Tags

Information technology audit, information technology, internal audit, Audit Services, information systems, information systems audit, financial statement audit, Risk Assessment, audit report, computer audits

Stats

views:: 164
posted:: 3/1/2011
language:: English
pages:: 2

Public Domain

Document Sample

DEPARTMENT OF ADMINISTRATIVE SERVICES
Annual Risk Assessment and Planned Internal Audit Coverage Report
Fiscal Year Ending June 30, 2005

REPORT EXAMPLE
PURPOSE
To present a summary of Internal Audit’s risk assessment process, results and planned auditing coverage for the
Department of Administrative Services.

AGENCY OVERVIEW
Mission The mission of the Department of Biennial Expenditures: $104,000,000
Administrative Services is to provide Dollar Value of Cash
leadership and accountability in the sound Items Processed Annually: $500,000
delivery of state government services to Number of FTE: 400
Oregonians.

INTERNAL AUDIT ATTRIBUTES
Purpose By Statute, Rule, Policy, the DAS Internal Audit Section is required to audit/review/report on an annual
basis the following:
 Review of DAS SPOTS card purchases
 Annual Report on Audit Corrective Actions
 Review of Externally Reported Performance Measurement Outcomes
 Review of Regulatory Function to Streamlining
 Assessment of DAS Performance Measurement System Integrity

Organizational Independence,
Structure & Resources The Chief Audit Executive reports to the director, but has unrestricted access to
the commission/board, etc., via the audit committee.
Internal Audit is comprised of two senior auditors and the chief, (3 FTE).
Available audit hours are 4,368.

Audit Standards International Standards for the Professional Practice of Internal Auditing (IIA -
Red Book) Government Auditing Standards (GAO - Yellow Book), and
Information Technology Auditing Standards (ISACA).
RISK ASSESSMENT

Frequency Performed Risk assessments are conducted annually and we attempt to cover all significant risks
within our normal audit cycle.
Process & Methodology Risks were identified for the annual Audit Plan by using a risk assessment model and
considering the input received from management, audit committee members and the
Office of the Secretary of State. We classify risks as High, Medium, or Low.

Audit Universe Our audit universe includes all activities of the Department of Administrative
Services. We manage the audit universe based on seven distinct audit entities
(departments). We have identified over 75 auditable areas within the audit entities,
and have developed control objectives for each area.
Audit Cycle 3 Years - the last risk assessment was completed in 2003. Our current risk
assessment includes all divisions within DAS: e.g., Director’s Office, IRMD, HRSD,
Operations, Facilities, SCD, Personnel, Payroll, State Procurement, etc.
RA/Audit Plan – Hours to The risk assessment and annual audit plan required 120 hours of audit staff time to
Complete complete.

THIS DOCUMENT IS A TEMPLATE. INFORMATION IS FICTICIOUS 1
DEPARTMENT OF ADMINISTRATIVE SERVICES
Annual Risk Assessment and Planned Internal Audit Coverage Report
Fiscal Year Ending June 30, 2005

FY05 AUDIT PLAN (AUDIT TOPICS WERE SELECTED BASED UPON LEVEL OF RISK OR AS MANDATED
BY RULE)

1. Procurement Delegation Process
2. Procurement Exemption Process
3. Risk Management Liability Fund
4. Information Technology - E-Commerce
5. Operations Disbursement
6. Information Technology – SDLC
7. Review of DAS SPOTS card purchases

AUDITABLE UNITS (ITEMS INDICATED WITH * PLANNED FOR AUDIT WITHIN 3 YR AUDIT CYCLE)

HIGH MEDIUM LOW

1. Payroll Approval Process *

2. Parking Fees Collection *

3. Leave Documentation Process *

4. Network Security System *

5. Systems Change Approval Process *

6. Rate Setting and Controls

7. Travel Costs

8. Human Resource Training Expenditures

9. Human Resource Certification Process

10. Revenue Collections Process *