www.theiia.org: Adapted from Auditing User-Developed Applications (UDA) End User Computing (EUC) Global Technology Audit Guide GTAG® 14.


UDA/EUC Definition
UDAs are applications that are developed by end users, usually in a noncontrolled IT environment.
Examples
– Spreadsheets
– User databases
– Queries
– Scripts
– Output from various reporting tools
Used in EUC application

UDA/EUC Users
A financial analyst creates a spreadsheet to analyze budget variances.
– Graphs would be nice as well!
Reconciliation functions in accounting
Computer-assisted audit techniques (CAATs)
Project management
Management reports
– Fraud?

UDA/EUC Uses
What-if? analysis using tools such as
– spreadsheet models, or
– more specialized tools such as risk or financial management packages, or
– business intelligence software
E.g., used for monitoring sales and marketing performance of information stored in a data warehouse

Benefits of UDA
– Quicker to develop and use
– Readily available tools at a lower cost
  MS Excel ($500)
  Google Sheets (Free)
– Configurable and flexible
  Simple to “power” developer / user
– Tailored to user
– Allows creativity
– Competitive advantage (for the employee as well)
– Puts decision maker “nearer” data/information
– Relieves workload in IT

Risks of UDA
The most significant risk is the integrity of the data and information managed and reported.
Management may assume that reports generated from UDA came from an IT-developed and controlled application.
UDAs typically do not follow a systems development life cycle (SDLC) process.

Risks of UDA
Control breakdowns can be traced to
– Lack of a structured development process.
– Data download issues
  Inaccurate data (GIGO)
– Increasing complexity of UDA over time
  Multiple “authors”
  Added analyses / worksheets
– Lack of developer experience
  “Hard” code data [Ctrl `]
  “What if” not repeatable

Risks of UDA
Control breakdowns can be traced to
– Lack of version controls across users
– Lack of documentation
  Missing the worksheet that explains what the workbook is for

Risks of UDA
Control breakdowns can be traced to
– Lack of support
  Users self-train, develop own techniques
– Limited input and output controls
– Lack of formal, if any, testing
– Hidden data columns, rows, worksheets.
Compromise of confidentiality
Lack of DRP, backup.
Duplication of efforts
Lack of SOD:
– programming, data, output rest with one person

Review of UDA
Has management identified critical UDAs?
Highest significance
– Risk assessment?
– Mitigating controls
Review documentation (if any)
Access controls
– Change management
– Backup and recovery
– Security
– Data integrity.

Best practices
Access guidelines
Source data
– Data input area should not contain formulas
– Input should follow source document
– Lock formulas
Source output
– Save separate workbook from each “what if” analysis or periodic report.
– Standard format
– Control access to output

Best practices
Testing guidelines
– Fraud detection
Logic guidelines
Version, backup, and archiving guidelines
Documentation guidelines
– Document all the prior guidelines and practices
– Can someone else do the task based on this?
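
An added example, not part of the original presentation or of GTAG 14: a Python check a reviewer could run over an .xlsx workbook to surface several of the risks and practices listed above (hidden worksheets, rows and columns; hard-coded constants in formulas; formulas in the data input area). The function names, the "Input" sheet name and the sample workbook are assumptions constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
RNS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
M, RID = "{%s}" % NS, "{%s}id" % RNS
# Heuristic: a numeric literal that is not part of a cell reference such as B12.
CONSTANT = re.compile(r"(?<![A-Za-z$\d.:])\d+(?:\.\d+)?")

def audit_workbook(data, input_sheets=("Input",)):
    """Return sorted (sheet, location, issue) findings for .xlsx bytes."""
    out = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        rels = {r.get("Id"): r.get("Target")
                for r in ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))}
        for sh in ET.fromstring(z.read("xl/workbook.xml")).iter(M + "sheet"):
            name = sh.get("name")
            ws = ET.fromstring(z.read("xl/" + rels[sh.get(RID)]))  # assumes relative Target
            if sh.get("state") in ("hidden", "veryHidden"):
                out.append((name, "-", "hidden worksheet"))
            for el in [*ws.iter(M + "col"), *ws.iter(M + "row")]:
                if el.get("hidden") in ("1", "true"):
                    out.append((name, el.get("r") or el.get("min"), "hidden " + el.tag[len(M):]))
            for c in ws.iter(M + "c"):
                formula = c.findtext(M + "f")
                if formula is None:  # plain value cell, nothing to check
                    continue
                if name in input_sheets:
                    out.append((name, c.get("r"), "formula in input area"))
                if CONSTANT.search(formula):
                    out.append((name, c.get("r"), "hard-coded constant in formula"))
    return sorted(out)

def sample_workbook():
    """Constructed sample holding only the parts this parser reads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/_rels/workbook.xml.rels", '<Relationships>'
            '<Relationship Id="rId1" Target="worksheets/sheet1.xml"/>'
            '<Relationship Id="rId2" Target="worksheets/sheet2.xml"/></Relationships>')
        z.writestr("xl/workbook.xml", f'<workbook xmlns="{NS}" xmlns:r="{RNS}"><sheets>'
            '<sheet name="Input" r:id="rId1"/>'
            '<sheet name="Calc" state="hidden" r:id="rId2"/></sheets></workbook>')
        z.writestr("xl/worksheets/sheet1.xml", f'<worksheet xmlns="{NS}"><sheetData><row r="1">'
            '<c r="A1"><v>100</v></c><c r="B1"><f>A1*1.175</f></c></row></sheetData></worksheet>')
        z.writestr("xl/worksheets/sheet2.xml", f'<worksheet xmlns="{NS}"><cols>'
            '<col min="3" max="3" hidden="1"/></cols><sheetData><row r="2" hidden="1">'
            '<c r="A2"><f>SUM(Input!A1:A10)</f></c></row></sheetData></worksheet>')
    return buf.getvalue()
```

The constant check is a heuristic: it ignores digits that belong to cell references, but quoted sheet names that start with a digit would be flagged and need manual review.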