Personal tools

Difference between revisions of "Information Systems Audits"

From Appalachian State University Policy Manual

Jump to: navigation, search
Line 1: Line 1:
Policy 1002
Policy 1002
== Introduction ==
== Introduction ==
You may copy this page's source to start a new policy page. Be sure to remove or overwrite the examples. Second level headings should NOT be altered.
== Scope ==
== Scope ==

Revision as of 19:19, 31 August 2011

Policy 1002

1 Introduction

2 Scope

3 Definitions

3.1 Definition phrase or word

Definition summary

4 Policy and Procedure Statements

4.1 Information Systems Audits

The Office of Internal Audits examines and evaluates the adequacy and effectiveness of the systems of management control provided by the University to direct its activities toward the accomplishment of its objectives in accordance with the mission of the University. Included is an evaluation of the adequacy and effectiveness of the University's systems of internal accounting and operating controls.

Reviews may be done of the design and development of financial systems to insure that uniform and timely information assisting the decision making process of management of the University is available. This is accomplished through analysis of existing financial systems, internal control and making recommendations for changes as applicable.

As new and/or modified systems become operational, the staff may conduct system audits of computer applications and major administrative systems. Attention is given to the system requirements to insure that adequate internal controls are incorporated, that procedures are followed in processing the system, that system documentation is complete and accurate, and the needs of user areas are met.

At the completion of the review, an audit report will be issued to the director or manager of the user area with copies going to appropriate University administrators. This report will outline weaknesses and/or deficiencies in the system and operational problems noted.

4.2 Reply to Information Systems Audit Report

To insure that consistent practices and procedures are followed regarding deficiencies and operational problems in information systems, the following policies are applicable:

The manager or director of the user area will respond to the audit report and recommendations contained in the report. A written reply to the deficiencies and/or operational problems noted in the audit report should be addressed to the Director of Audits with a copy going to the Vice Chancellor responsible for the user area. The written reply to the information systems audit report is due within fifteen (15) days of the date of the report. The reply should consist of the action taken or planned with regard to the recommendations contained in the report. Where applicable, it should also give attention to changes in operating procedures, etc., that would alleviate operational problems in the future. If it is felt that the reply to the information systems audit report is unsatisfactory in corrective action, it will be resolved through consultation with all parties concerned.

5 Additional References

6 Authority

7 Contact Information

8 Effective Date

9 Revision Dates

Last modified 05/06/2009 03:09:00 PM by Matt McNaney