Search Keywords

Access to Programs and Data Audit Work Program

screenshot of the first page of Access to Programs and Data Audit Work Program

Examining Controls Over Program and Data Availability

Our Access to Programs and Data Audit Work Program provides a comprehensive framework for evaluating IT general controls (ITGCs) within modern financial reporting environments. This structured tool organizes the audit lifecycle into a clear sequence, from initial project planning and fieldwork to the final issuance of local and worldwide reports. It focuses on verifying that information security practices are consistently applied and that logical and physical access to sensitive computing resources is appropriately restricted through authentication and authorization mechanisms. Key sections guide you through testing user account lifecycles—including additions, modifications, and deletions—while ensuring that proper segregation of duties is maintained. By defining the nature, timing and extent of testing procedures, this program helps teams reach reliable conclusions regarding the operating effectiveness of internal controls.

The greatest value of this resource is its ability to streamline complex documentation while maintaining alignment with PCAOB Auditing Standards and AICPA guides. It goes beyond basic checklists by providing a methodology for reviewing management’s own testing procedures to ensure their findings are adequately supported and any deficiencies are appropriately followed up on. Additionally, the tool includes dedicated procedures for rolling forward interim testing to period end, ensuring a complete audit trail for the entire reporting cycle. Offering a standardized approach to identifying and documenting the impact of control deficiencies, this work program empowers audit teams to deliver high-quality, professional assessments that stand up to regulatory scrutiny.

Key audit steps include:

  • Determine that controls used to provide appropriate segregation of duties within key processes exist and are followed.
  • Document the impact of any deficiencies on the planned testing of operating effectiveness of other controls.
  • Document the procedures to be performed to conclude on the operating effectiveness of the controls identified.

Topics

Related Resources

Risk & Control Matrices - RCMs

Manage Security and Privacy RCM

Checklists & Questionnaires

IT General Controls Questionnaire

Benchmarking Tools

Audit Data Analytics Leading Practices