Assignment Help, In general, this assignment will help you identify how general IT controls might relate to a specific financial statement item

    (IT Audit class) In general, this assignment will help you identify how general IT controls might relate to a specific financial statement item. Consider a control “monthly review of budget vs. actual for overhead expenditures” as you answer this question. See the second page for a bit more information to help you think this through.

    How would a monthly review of budget vs. actual for overhead expenditures work?

    Once a month, a manager run an overhead report, budget vs actual. On this report you would expect to find

    Various expenditure categories listed such as Payroll, Utilities, Routine Maintenance, and other costs that would be considered overhead rather than costs related to sales, production, or delivery of services

    For each category you it would report:

    A list of the expenditures during the month in each category

    A total for expenditures for the month and a budget the corresponding budget amount

    YTD budget and actual amounts

    Annual budget amounts

    The manager would review the report:

    Are there budget variances? (spending significantly above or below budget)

    Does the payments look reasonable (reasonable amounts to appropriate vendors)

    The manager is supposed to:

    Be sufficiently knowledgeable to know if the payments are reasonable

    Take due care in reviewing the report

    Take action as appropriate

    How might this control activity be verified?

    Running of the report can be verified (is it emailed? run by request? Are report requests logged?)

    Items deserving of action can be identified (over budget items, new vendors, out-ot-pattern amounts)

    Follow-up action can be verified (Initials? Memos? Emails?)

    General Controls:

    Identity and Access Management:

    Report logging and email are tracked based on the user id of the logged in user.

    User IDs are issued by the card center

    Rights to change the amounts to budget accounts and rights to change budgets are authorized based on user ID

    Policies and computerized rules require strong passwords and annual password resets

    Database Management Controls:

    The AP system accesses the underlying database using a service account; the service account password is stored in a password management system and automatically and regularly changed

    Direct access to the MS-SQL database and database server used by the AP system is limited to a few Database Administrators

    Any updates to date made by privileged users (database administrators) are separately logged

    The servers that run the database software are regularly patched with security updates

    Changes to the software are controlled:

    New versions and configuration changes are, by policy, tested before updates are applied to the production system

    Configuration changes are logged and the change logs are reviewed

    Only select individuals who are not the ones who make the changes, are allowed to ‘migrate’ changes from the test environment into the production environment, migrations are logged

    Differences between the production and test environment are noted in a nightly report

    1. Budget vs. Actual reporting is important to help an organization meet its objectives as per the definition of Internal Control even apart from any potential impact on financial reporting. Profitability goals matter for internal control. Does this mean that an auditor is interested in this control apart from its financial reporting implications? Briefly discuss.

    2. Explain (a couple of sentences at most) how database management controls could impact the effectiveness of this control.

    –Paper Writing Service – Get Custom paper at

    Order for this paper or request for a similar assignment by clicking order now below

    Order Now