Personal tools
Navigation
Tools

Difference between revisions of "Information Systems Audits"

From Appalachian State University Policy Manual

Jump to: navigation, search
(Introduction)
Line 1: Line 1:
 
Policy 1002
 
Policy 1002
 
== Introduction ==
 
== Introduction ==
 +
1.1  The Information System Audits Policy provides a description of an Information Systems Audit as conducted by the Office of Internal Audits and the steps that management should take regarding replying to an Information Systems Audit Report.
  
 
== Scope ==
 
== Scope ==

Revision as of 20:00, 7 April 2014

Policy 1002

1 Introduction

1.1 The Information System Audits Policy provides a description of an Information Systems Audit as conducted by the Office of Internal Audits and the steps that management should take regarding replying to an Information Systems Audit Report.

2 Scope

3 Definitions

4 Policy and Procedure Statements

4.1 Information Systems Audits

4.1.1 The Office of Internal Audits examines and evaluates the adequacy and effectiveness of the systems of management control provided by the University to direct its activities toward the accomplishment of its objectives in accordance with the mission of the University. Included is an evaluation of the adequacy and effectiveness of the University's systems of internal accounting and operating controls.

4.1.2 Reviews may be done of the design and development of financial systems to insure that uniform and timely information assisting the decision making process of management of the University is available. This is accomplished through analysis of existing financial systems, internal control and making recommendations for changes as applicable.

4.1.3 As new and/or modified systems become operational, the staff may conduct system audits of computer applications and major administrative systems. Attention is given to the system requirements to insure that adequate internal controls are incorporated, that procedures are followed in processing the system, that system documentation is complete and accurate, and the needs of user areas are met.

4.1.4 At the completion of the review, an audit report will be issued to the director or manager of the user area with copies going to appropriate University administrators. This report will outline weaknesses and/or deficiencies in the system and operational problems noted.

4.2 Reply to Information Systems Audit Report

4.2.1 To insure that consistent practices and procedures are followed regarding deficiencies and operational problems in information systems, the following policies are applicable:

4.2.2 The manager or director of the user area will respond to the audit report and recommendations contained in the report. A written reply to the deficiencies and/or operational problems noted in the audit report should be addressed to the Director of Audits with a copy going to the Vice Chancellor responsible for the user area. The written reply to the information systems audit report is due within fifteen (15) days of the date of the report. The reply should consist of the action taken or planned with regard to the recommendations contained in the report. Where applicable, it should also give attention to changes in operating procedures, etc., that would alleviate operational problems in the future. If it is felt that the reply to the information systems audit report is unsatisfactory in corrective action, it will be resolved through consultation with all parties concerned.

5 Additional References

6 Authority

7 Contact Information

8 Effective Date

9 Revision Dates