Audit Program Templete
Audit Program Templete
Audit Program Templete
PLANNING MEMO
AREA REVIEWED
DATE
INTRODUCTION
At the request of management Internal Audit performed a review on Office Security within
Windows 2000 Operating System.
Per our mandate as documented in the Internal Audit Charter: “Internal Audit staff shall have
authority to access and examine all information, both paper-based documents and electronic
information residing on computers systems, and to inspect all physical assets. However, they
shall safeguard any assets or information that they examine and maintain the confidentiality
of all information”. Therefore any restriction to information shall be construed as limitation of
our scope and will be reported to the Board and the Audit Committee.
BACKGROUND
The telecommunications industry is very competitive. The security of documents and other
confidential related matters is crucial to the group.
To provide executive management with an opinion on the security of word documents / office
files within Windows 2000.
- Security Settings
- Account Policies
AUDIT APPROACH
There are a number of distinct stages in the internal audit process, all of which contribute to a successful
conclusion. The auditor in charge is responsible for ensuring that the process is complied with. The various
stages include:
Opening meeting, Planning and risk analysis
Fieldwork or testing & evaluation of internal controls
Draft report and closing meeting
The techniques used in testing and evaluating internal controls will include:
NAME ROLES
Internal Auditor
Draft Report
Final Report
At the conclusion of each audit, a draft report is prepared containing all findings and
recommendations for improving controls and increasing efficiencies and promoting cost savings.
Audit findings are categorized according to high, medium and low risk. The assessment is based
on the impact, probability and controllability aspects of risk on the business.
A copy of the draft is sent to management prior to closing meeting for management’s preliminary
review and comment. The draft report will be discussed at the closing meeting. Management’s
action plan are discussed and included as part of the final report.