Information Technology - Resource Management
Effectiveness and efficiency of operations
A. An internal audit of IT activities is performed regularly.
- Is internal audit involved in quality assurance reviews during significant phases of systems development?
- Does internal audit conduct post installation audits of recently completed systems development and installation projects to assess whether the designed functional and operational specifications have been achieved?
- Is internal audit engaged in the designing, testing, and implementation of controls in new application systems and major modifications of existing software?
- Is internal audit authorized to prepare control design guidelines for the systems development methodology?
- Is internal audit engaged in the development of test data and engage them in the actual testing of controls?
- Is an internal audit review conducted of application systems and compliance tests of controls?
- Are select applications systems reviewed regularly for compliance with internal controls and review other applications systems on a rotating basis?
- Does internal audit review program logic to determine whether they are coded correctly and whether specified techniques or processing steps are included?
- Does internal audit review systems maintenance and testing documents?
- Is internal audit engaged in developing the system test policies and in the actual testing of system changes?
- Is internal audit's use of computer assisted audit techniques (CAATs) leveraged?
- Is internal audit's use of generalized or custom audit software, utility programs, time-sharing programs, and other forms of CAATs within the audit process leveraged?
- Does internal audit use test data, integrated test facilities, or embedded audit modules
to test programmed internal control techniques and
critical processing procedures?