NCJ Number
67602
Journal
Internal Auditor Volume: 34 Issue: 3 Dated: (JUNE 1977) Pages: 27-34
Date Published
1977
Length
8 pages
Annotation
ASPECTS OF ELECTRONIC DATA PROCESSING (EDP) AUDITS WHICH WILL HELP TO PREVENT COMPUTER MISUSE AND HIGH COST ARE DISCUSSED.
Abstract
PREVENTING ILLEGAL INTRUSION INTO COMPANY FILES, INTENTIONAL OR ACCIDENTAL, SHOULD BE CONSIDERED EARLY IN SYSTEM DESIGN. DETECTING AND MONITORING SYSTEMS FOR MISUSE SHOULD BE CONTINUAL. THE EDP AUDITOR SHOULD BE INVOLVED IN THESE ACTIVITIES. THE AUDITOR CAN ALSO PROVIDE VALUABLE INFORMATION IN THE DESIGN OF A NEW SYSTEM. AN EDP AUDIT PLAN MIGHT INCLUDE AN EVALUATION OF EDP USER SATISFACTION, THE PERFORMANCE OF A RISK ANALYSIS (RISK OF EXPOSURE TO UNAUTHORIZED ACCESS AND MISUSE OF COMPUTER FILES), EVALUATION OF CONSULTING FEES PAID BY THE COMPANY, AND PRESENTATION OF FINDINGS AND SUGGESTIONS TO UPPER MANAGEMENT. THE PRESENTATION TO MANAGEMENT SHOULD INCLUDE INFORMATION SHOWING THE NEED FOR AUDITING, THE OVERALL PLAN, STAFFING REQUIREMENTS, TRAINING PROCEDURES, INITIAL AUDIT, BUDGET, AND AN ANALYSIS OF COST VERSUS BENEFITS. SUPPORT FROM UPPER MANAGEMENT FOR THE DEVELOPMENT OF THE AUDIT PLAN SHOULD BE OBTAINED FOR A GIVEN PERIOD OF TIME, AT THE END OF WHICH A REVIEW OF PROGRESS AND OBJECTIVES WILL BE MADE. WHEN HIRING THE FIRST EDP AUDITOR, AND ORGANIZATION SHOULD MAKE AN EFFORT TO FIND A DEGREED ACCOUNTANT WITH EXPERIENCE IN EDP AND COMPUTER FRAUD PROJECTS. TRAINING SHOULD BE PROVIDED FOR BOTH THE AUDIT MANAGER AND THE AUDITOR. FOR THE FIRST EDP AUDIT, WELL-DEFINED AND ATTAINABLE GOALS SHOULD BE PURSUED. ORGANIZATIONS MUST ANTICIPATE PROBLEMS IN STAFFING, SCHEDULING, LACK OF DOCUMENTATION NECESSARY FOR AN AUDIT, AND THE TEMPTATION TO FORMULATE PREMATURE CONCLUSIONS. (RCB)