RSM427H1 Lecture Notes - Lecture 10: User Interface, Business Process, Outsourcing

Detailed audit tests of operating effectiveness performed if report covers a period. * what the system does, not only being the it system, description of business process and supporting it. Preparation of control assurance report by service auditor: for each control objective the service provider includes complimentary procedures in the report for the user orga(cid:374)izatio(cid:374)"s perfor(cid:373)a(cid:374)(cid:272)e to (cid:373)eet the objective. Insufficient controls to meet the control objective: the service auditor should consider qualifying if the control deficiency(s) is significant and the objective cannot be met. Use of control assurance report by user auditor: review the audit opinion, review control considerations, review control procedures tested (to ensure they cover the objectives you require to be audited) Control assurance report: referencing the report and procedures, significant and subsequent events, fraud. Identify compensating control(s: correct deficiency(s) prior to period end, other considerations, stop the review until the following year, eliminate control objective.