Foods Fantastic Company
Background:
In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications, so that the audit team can follow a controls-based audit approach and rely on the IT controls in place at FFC. FFC is a publicly traded, regional grocery store located in the mid-Atlantic region. It relies on many state-of-the-art IT systems and software, all of which are managed in-house.
Purpose:
We hope to gain comfort that FFC’s systems, IT practices, and risk management procedures are working properly and are operationally effective within a well-controlled IT environment, and to meet the requirements outlined in SAS 109 and SOX Section 404, Management Assessment of Internal Controls. Because the FFC IT environment has a direct impact on the account balances and financial statements, it is imperative that we provide assurance over IT controls prior to the financial statement audit and assess the risk of material misstatement in the different areas of the IT environment.
Scope:
Our team initially reviewed key provisions included in SAS 109, SOX Section 404, PCAOB Auditing Standard No. 5, and FFC policies. To provide the financial auditors with a complete and accurate review of the critical ITGC areas, we reviewed FFC’s IT and security procedures, interviewed relevant FFC client personnel, and observed FFC operations and procedures related to its ITGCs. After reviewing all relevant evidence and data collected through our walkthrough of FFC, we developed a risk assessment of each ITGC area and an associated assessment of the strengths and weaknesses of each ITGC area, documented in Exhibit 3, parts A & B.
Findings:
After reviewing the evidence collected during our walkthrough of FFC’s IT environment, we have assessed IT Management as a lower risk