This audit program is a tool and template to be used as a road map for the completion of the specific audit process.
Audit Objectives.
The objectives of our audit are to evaluate security and assess strengths and weaknesses of XYZ’s security and access controls XYZ-wide to address confidentiality, integrity, and availability. We will use professional judgment in determining the standards that apply to the work to be conducted. If this engagement will not satisfy the requirements of all audit report users, laws, and regulations, we will notify you as soon as this comes to our attention.
1. To determine if adequate administrative security controls, such as policies and procedures, are in place to deter unauthorized access, alteration, theft, or physical damage to utilities or properties.
2. To determine if adequate physical and logical security controls are in place to restrict access by unauthorized users to specified sections, and determine whether essential security functions are being addressed effectively.
Evaluate the scope of the information security management organization.
It is not designed to replace or focus on audits that provide assurance of specific configurations or operational processes.
Audit Approach
Physical Security of the 3rd Floor of XYZ Company will be audited by the QTTR team. The minimum requirements set forth in the General Overview and Risk Assessment section, below, must be completed for the audit to qualify for core audit coverage. Following completion of the general overview and risk assessment, the QTTR auditor will use professional judgment to select specific areas for additional focus and audit testing. Specifically, the minimum scope of the risk assessment and audit will include the following as they relate to the 3rd Floor of XYZ Company:
Environmental Controls
Natural Disaster Controls
Supporting Utilities Controls
Physical Protection and Access Controls
Physical Security Awareness and Training
Contingency Plans
The estimated audit time for all sections is 200 hours. This estimate does not include report writing, exit meetings, working paper sign-off, and work paper cross-referencing.
General Overview and Risk Assessment (60 hours)
For XYZ Company management, general overview procedures will include interviews of department management and key personnel; a review of available logs or documents; evaluation of policies and procedures associated with security and access controls; inventory of compliance requirements; consideration of key operational aspects; and an assessment of the physical environment.
Physical security defines the various measures or controls that protect an organization from a loss caused by theft, fire, flood, intentional destruction, unintentional damage, mechanical equipment failure and power failures. Physical security measures should be sufficient to deal with foreseeable threats.
The following table summarizes audit objectives and corresponding high-level risks to be considered during the general overview.
Audit Objective
Areas of Risk
Obtain an understanding of significant processes and practices employed in maintaining and monitoring physical security for XYZ Company’s utilities and properties. Specifically addressing the following components:
Management philosophy, operating style, and risk assessment practices including:
Awareness of and compliance with applicable laws, regulations, and policies
Planning and management of physical security resources
Efficiency and Effectiveness Programs
Organizational structure, and delegations of authority and responsibility for physical security standards, policies, and monitoring
Process strengths (best practices), weaknesses, and mitigating controls
Compliance with applicable laws, regulations, policies, and procedures.
The physical security risk assessment processes may not identify key areas of risk including:
Natural disasters such as fire, earthquake, flooding, etc.
Environmental controls such as