System Management Risk Assessment and Control Audit Work Program
Since most financial transactions are processed and maintained in the IT environment, the IT function is critical for all financial audits. This System Management Risk Assessment and Control Audit Work Program will assist audit teams with identifying risks and related controls for logical security administration and monitoring, physical security, change management, problem management, and system availability.
Audit procedures include: identify all methods for accessing the application system to confirm access requires authentication and authorization and is auditable; and obtain and review documented procedures for administering and monitoring access to the application, database, and operating system that hosts the application to verify a standardized control process is in place to facilitate appropriate access.