Laserfiche WebLink
SECTION 4: SPECIFIC AUDIT APPROACH AND METHODOLOGY, <br />D EDP A i our consults twill r 'd th A+. t th ' I- ' d I <br />ur <br />a JIBS <br />Approach n p ow e e au r eam o in rma on an too s necessary <br />to evaluate the strengths and weaknesses of the City's electronic data <br />MGO's engagement team processing (EDP) controls. This information is used by the assurance team to <br />includes an EDP consultant that develop its audit plans and determines h ow the team executes its financial <br />will examine the integrity and statement audits. Our review of the EDP general controls encompasses the <br />reliability of financial systems from following areas <br />different angles. Our approach _ <br />uses a comprehensive assessment Qxgaa?I?Zoe ion'. <br />$ardlWaX@ and _ <br />of the various aspects of the atti O iie>?a d4 a6 <br />lss Qft1N?r? <br />IT environment that affect the Ideflfificat o_n ald ?aluatron±oe ; t7et@r?nfiiarion arryvheherr <br />accuracy and completeness of opefauonal structure to determine . ' liard?45ro controls prgwded by tho'' <br />financial data. We conduct our w)tether there rs adequate segregattorr eyutpmeat vendor aro usecto the <br />assessments using custom tailored of rduties and functrons In addrtronpp[apr ate Pxtent aril whether <br />tools that take Into consideration ourtools wJfl ass?stip detern mEpg °syster,?_$oftwarea s bi0cted to <br />the complexity and unique nature , bather pesonneE=q0lrficatons_and_ the sarria`contrbl'proc$lures <br />of our client's operations. Our controls ensure rfffeetrve func#ioning those applied to changing; testing; <br />; <br />evaluation and assessment is of the City!s_mfnrmatrontechnology _ - <br />and rrnplntentrng?applicatons <br />based on physical observation rPSOUrces" .1 hrs would inciuae the <br />and testing, qualitative and revtow 0f backup prUedures'for all ; - ` <br />quantitative assessments, reviews cntieaJ files.`' <br /> <br />of documentation and actual - <br />- <br />f * _ <br />practices, and other IT performance 1 <br />data. Our recommendations are Sys #e <br />?0Mt1?AA1L <br />based on industry best practices D6,001opmen D`etermJnattop arid=evaluation of ttie <br /> <br />and use our industry knowledge of _r <br />Ma?i>enance <br />corr3mulaicatrons hardti?areisoft?vare; <br />similar entities to produce practical <br />a>{dl ?ocl><utexratia'It> aril related controls to ensure all <br />solutions that affect positive <br /> <br />change. <br />De#ermmation and evaluation on <br />- -_ .. - data are authPrize d; accurately <br /> <br />transmitted andrreviewed and <br /> t?ho ner there are rocedure? to si fficient{y pt4tecfed <br /> ensure that the developmen_of. <br />new <br /> system$ and=maJnerance,and changes <br />- <br /> to exWlrig <br />systems,are appropTiately <br /> auth'gnzed tested •atd implemented: - <br /> (,?Iso a dPtern-nnatron on,wliether - <br /> <br />opriatc documentation exists for <br />. <br />app) <br /> the applications, <br /> ,i?cce§s DAtc and _ <br /> Determinatiorton w )etheracce?s to ' Pi6Ce a? <br /> data fEfes softvyare, hardware -and <br />" Detenrnnati_on on ?Uhother there - _ <br /> ctQCUrnentatign is <br />reincted to properly are cgnirols to ensu"re prom-pt <br /> authonzed personnel -'.This includes a= -and accurate processing,of data - <. <br /> rEyielro ot physical and logical access _ Tiiis mcluc(es the review of data -_ <br /> procedures. The review of logical caliture, data 4alidatign artd,edi'l- <br /> accessWould=-rnclude,theevaluattonv _ .. <br />transaciign_loggmg=audJhfrails, <br />?.vlt IJ, Pllu GIIVI_IIgIjyllyu allu <br />confi lentialify of data corlection; In addition, a reyfew of: <br />- the'retention 'for a Lc <br />' Elles"Will be'eQn uc[ed - <br />36 25D-22d?.,