Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.theiia.org Adapted from Auditing User-Developed Applications (UDA) End User Computing (EUC) Global Technology Audit Guide GTAG® 14.

Published byMyron Sanders Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.theiia.org Adapted from Auditing User-Developed Applications (UDA) End User Computing (EUC) Global Technology Audit Guide GTAG® 14."— Presentation transcript:

1 www.theiia.org Adapted from Auditing User-Developed Applications (UDA) End User Computing (EUC) Global Technology Audit Guide GTAG® 14

2 www.theiia.org UDA/EUC Definition UDAs are applications that are developed by end users, usually in a noncontrolled IT environment. Examples –Spreadsheets –User databases –Queries –Scripts –Output from various reporting tools Used in EUC application

3 www.theiia.org UDA/EUC Users Financial analysts creates spreadsheet to analyze budget variances. –Graphs would be nice as well! Reconciliation functions in accounting Computer assisted audit techniques (CAATs) Project management Management reports –Fraud?Fraud?

4 www.theiia.org UDA/EUC Uses What-if? analysis using tools such as –spreadsheet models or –more specialized tools such as risk or financial management packages, or –business intelligence software, E.g., used for monitoring sales and marketing performance of information stored in a data warehouse

5 www.theiia.org Benefits of UDA –Quicker to develop and use –Readily available tools at a lower cost MS Excel ($500) Google sheet (Free) –Configurable and flexible Simple to “power” developer / user –Tailored to user –Allows creativity –Competitive advantage (for the employee as well) –Puts decision maker “nearer” data/information –Relieves workload in IT

6 www.theiia.org Risks of UDA The most significant risk is the integrity of the data and information managed and reported. Management may assume that reports generated from UDA came from an IT- developed and controlled application UDAs typically do not follow a systems development life cycle (SDLC) process.

7 www.theiia.org Risks of UDA Control breakdowns can be traced to –Lack of a structured development process. –Data download issues Inaccurate data (GIGO) –Increasing complexity of UDA over time Multiple “authors” Added analyses / worksheets –Lack of developer experience “Hard” code data [Ctrl `] “What if” not repeatable

8 www.theiia.org Risks of UDA Control breakdowns can be traced to –Lack of version controls across users –Lack of documentation Missing the worksheet that explains what the workbook is for

9 www.theiia.org Risks of UDA Control breakdowns can be traced to –Lack of support Users self-train, develop own techniques –Limited input and output controls –Lack of formal, if any, testing –Hidden data columns, rows, worksheets. Compromise of confidentiality Lack of DRP, backup. Duplication of efforts Lack of SOD: –programming, data, output rest with one person

10 www.theiia.org Review of UDA Has management identified critical UDAs? Highest significance –Risk assessment? –Mitigating controls Review documentation (if any) Access controls –Change management –Backup and recovery –Security –Data integrity.

11 www.theiia.org Best practices Access guidelines Source data –Data input area should not contain formulas –Input should follow source document –Lock formulas Source output –Save separate workbook from each “what if” analysis or periodic report. –Standard format –Control access to output

12 www.theiia.org Best practices Testing guidelines –Fraud detectionFraud detection Logic guidelines Version, backup, and archiving guidelines Documentation guidelines –Document all the prior guidelines and practices –Can someone else do the task based on this?

Download ppt "Www.theiia.org Adapted from Auditing User-Developed Applications (UDA) End User Computing (EUC) Global Technology Audit Guide GTAG® 14."

Similar presentations

ADMINISTRATION Information Technology for Administrators SPREADSHEETS Click To Continue.

ADMINISTRATION Information Technology for Administrators SPREADSHEETS Click To Continue.
Ncg | group about | navigator xlforecast +46 8 611 76 20

Ncg | group about | navigator xlforecast
Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.

Business Planning using Spreasheets-2 1 BP-2: Good Spreadsheet Practice  There is always the temptation to rush in and start entering data.  However.
System Development Life Cycle (SDLC)

System Development Life Cycle (SDLC)
Spreadsheet Basics Computer Technology.

Spreadsheet Basics Computer Technology.
ITAuditing Using GAS & CAATs

ITAuditing Using GAS & CAATs
Auditing Computer-Based Information Systems

Auditing Computer-Based Information Systems
Copyright © 2014 Pearson Education, Inc. 1 Managers from across organizations are involved in developing and acquiring information systems Chapter 5 -

Copyright © 2014 Pearson Education, Inc. 1 Managers from across organizations are involved in developing and acquiring information systems Chapter 5 -
Database Theory Why use database? Data is a valuable corporate resource which needs adequate accuracy, consistency and security controls. The centralized.

Database Theory Why use database? Data is a valuable corporate resource which needs adequate accuracy, consistency and security controls. The centralized.
The Islamic University of Gaza

The Islamic University of Gaza
© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE www.visible.com Holistic View of the Enterprise Business Development Operations.

© 2004 Visible Systems Corporation. All rights reserved. 1 (800) 6VISIBLE Holistic View of the Enterprise Business Development Operations.
11.1 Lecture 11 CASE tools IMS2805 - Systems Design and Implementation.

11.1 Lecture 11 CASE tools IMS Systems Design and Implementation.
Designing new systems or modifying existing ones should always be aimed at helping an organization achieve its goals State the purpose of systems design.

Designing new systems or modifying existing ones should always be aimed at helping an organization achieve its goals State the purpose of systems design.
Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.

Your Interactive Guide to the Digital World Discovering Computers 2012 Chapter 10 Managing a Database.
CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007

CHAPTER 10 UNDERSTANDING INTERNAL CONTROLS Fall 2007
SE 555 Software Requirements & Specification Requirements Management.

SE 555 Software Requirements & Specification Requirements Management.
Chapter 14 Systems Development. Agenda Reasons for Change System Development Life Cycle (SDLC) Prototyping Rapid Application Development (RAD) Object.

Chapter 14 Systems Development. Agenda Reasons for Change System Development Life Cycle (SDLC) Prototyping Rapid Application Development (RAD) Object.
Computer Assisted Audit Techniques

Computer Assisted Audit Techniques
Living in a Digital World Discovering Computers 2010.

Living in a Digital World Discovering Computers 2010.
Exploring Microsoft Excel Chapter 2 Gaining Proficiency: Copying, Formatting, and Isolating Assumptions.

Exploring Microsoft Excel Chapter 2 Gaining Proficiency: Copying, Formatting, and Isolating Assumptions.

Similar presentations

Ads by Google