Work Programs
The following 247 items are listed by date.
July 13, 2009 Financial Institution Security Audit Work Program This work program is an aid to assess the quantity of risk and the effectiveness of a financial institution’s risk management processes as they relate to the security measures instituted to ensure confidentiality, integrity, and availability of information, instilling accountability for actions taken on the institution’s systems. CONTENT AREA: Work Programs TOPICS: Financial Services Industry, Technology, IT Audit, Security, Access Control Systems & Methodology, Application Development Security, Network & Internet Security, Physical Security June 29, 2009 IT Asset Management Diagnostic Audit Work Program This work program covers a complete IT Asset Management (ITAM) diagnostic audit. Areas covered within this work program include the IT Asset Management Function, IT Asset Management Processes, and IT Asset Financial Management. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, Software, Asset Management June 15, 2009 Data Center Walkthrough Audit Work Program This work program will help determine whether information resources are protected against unauthorized access and environmental hazards. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, Security, Access Control Systems & Methodology, Physical Security, Security Management Practices May 11, 2009 PCI Review Work Program This work program covers a high-level PCI review. Objectives include the processing of PINs, cryptographic key creation, and secure key transmission, loading, and administration. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, Security, Access Control Systems & Methodology, Security Architecture & Models, Security Management Practices April 27, 2009 Payroll and Leave Management Audit Work Program This audit work program focuses on the payroll and leave management process. This document assesses objectives such as whether the organization has established an adequate control environment and properly assesses risks associated with this process. CONTENT AREA: Work Programs TOPICS: Human Resources, Payroll, Internal Audit, Audit Testing, Internal Controls, Segregation of Duties April 6, 2009 Windows Server 2003 Configuration and Supporting Processes Audit Work Program This work program covers areas specific to configuration and the supporting processes for systems running Microsoft Windows Server 2003. Topics covered include Active Directory, platform configuration settings, policies and procedures, Remote Access Service (RAS), and more. This work program provides specific control objectives, general procedures, and detailed test steps for evaluating Active Directory configuration, RAS settings, security policies, and much more. CONTENT AREA: Work Programs TOPICS: Technology, Internet/Intranet, IT Audit, IT Controls, IT Infrastructure, Security, Security Management Practices March 30, 2009 Windows Server 2003 Network and Environment Controls Work Program This work program covers network and environment controls for systems running Microsoft Windows Server 2003. Topics covered include monitoring intrusion detection software, ensuring authorized access to packet sniffing utilities, and proper filtering of all network ports. Review this work program to learn more about these topics and many more. CONTENT AREA: Work Programs TOPICS: Technology, Internet/Intranet, IT Audit, IT Infrastructure, Security, Network & Internet Security, Security Management Practices March 23, 2009 Windows Server 2003 System Logging and Auditing Work Program This work program covers areas specific to user account management for systems running Microsoft Windows Server 2003. Topics covered include: remote access, default accounts, access control groups, reviewing contractor/temporary accounts, unique user IDs and more. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, Security, Operations Security, Security Management Practices March 16, 2009 Windows Server 2003 Access Control Work Program This work program covers areas specific to Access Control management for systems running Microsoft Windows Server 2003. Topics covered include access control objectives for: administration tools and system utilities, DNS queries and zone transfers, Microsoft Management Console, and more. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, Security, Access Control Systems & Methodology, Sarbanes-Oxley Act, Security Management Practices March 2, 2009 Windows Server 2003 User Account Management Work Program This work program covers areas specific to user account management for systems running Microsoft Windows Server 2003. Topics covered include: remote access, default accounts, access control groups, reviewing contractor/temporary accounts, unique user IDs and more. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, Security, Access Control Systems & Methodology, Network & Internet Security, Security Management Practices February 23, 2009 System Pre-Implementation Review Audit Work Program The purpose of this document is to provide the general steps used to execute a pre-implementation review audit. This document provides audit objectives and procedures to help evaluate items such as the project management strategy, mechanisms that limit the ability to make changes to the application, and associated infrastructure testing strategies and procedures. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Strategy, Security, Application Development Security, Security Architecture & Models February 16, 2009 Computer Operations/Job Scheduling Audit Work Program The purpose of this document is to provide the general steps used to execute an audit on computer operations and IT job scheduling. This work program provides audit objectives and test steps to help determine and review the role of computer operations within an organization, the responsibilities of the computer operations department, and ability to proactively manage computer operations. Use this work program to test these steps and many more. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, Security, Operations Security, Change Management February 9, 2009 IT Project Governance Work Program The purpose of this document is to provide the general steps used to execute an IT project governance audit. This work program identifies major areas to be investigated during an IT project governance review as well as critical control validation tests to perform. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, IT Strategy, Security, Application Development Security February 2, 2009 Data Conversion Work Program The purpose of this document is to provide the general steps used to evaluate a data conversion project. This work program provides audit objectives and work steps to ensure proper extraction of source data, confirm that controls are in place to verify accurate data conversion, and make certain that appropriate testing is done with converted data. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, IT Strategy, Security, Application Development Security January 12, 2009 Database Administration Audit Work Program The purpose of this document is to provide the general steps of a database administration review audit. This work program identifies audit steps in the areas of general security, access, database availability, backup and recovery, development and integrity, and database host operating system security. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Infrastructure, Internal Audit, Audit Testing, Security, Access Control Systems & Methodology, Operations Security, Segregation of Duties December 22, 2008 AS400 Review Audit Work Program The purpose of this document is to provide the general steps of an AS400 review audit. This work program identifies major areas which should be investigated during a general or specific controls review in an AS/400 installation as well as critical control validation tests that should be performed. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, Software, Security, Access Control Systems & Methodology December 15, 2008 VPN Audit Work Program The purpose of this document is to provide the general steps of a Virtual Private Network (VPN) Administration audit. This work program provides tasks descriptions and test steps in the areas of documentation, logging, monitoring, and user pool for VPN Administration. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, IT Strategy, Security, Network & Internet Security December 8, 2008 Firewall Audit Work Program The purpose of this document is to provide the general steps of a firewall administration audit. This work program provides tasks descriptions and test steps for areas such as: documentation, logical access, configuration, operating systems logs, firewall tests, application logs, physical security, and continuity of operations. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, IT Strategy, Security, Network & Internet Security December 1, 2008 Change Management Audit Work Program The purpose of this document is to provide the general steps of a technology change management audit. This work program includes tasks descriptions and test steps in the following areas: documentation, approval process, testing, and migration to production. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Strategy, Software, Security, Application Development Security, Change Management December 1, 2008 Treasury and Cash Management Audit Work Program (资金及现金管理工作计划) 此工作计划样本说明资金流程的工作步骤。具体的审阅领域包括电汇、现金管理、投资、外汇风险管理和利率掉期。 CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounting/Finance, Cash & Treasury, Investments & Foreign Exchange, Audit Testing, China, Financial and Credit Risk November 24, 2008 Network Infrastructure Audit Work Program The purpose of this document is to provide the general steps of an IT network infrastructure audit. This work program addresses three general risks -- confidentiality, integrity, and availability -- in four major areas. CONTENT AREA: Work Programs TOPICS: Technology, Internet/Intranet, IT Audit, IT Infrastructure, IT Strategy, Security, Network & Internet Security October 3, 2008 AuditNet Premium Content This page will link you to AuditNet.org and will take you to AuditNet’s Premium Content - typically only available to paid, registered AuditNet users. Subscribers have access to all of AuditNet's Premium Content as a part of the KnowledgeLeader service. Protiviti disclaims all warranties as to the accuracy, completeness or adequacy of information contained therein or for interpretations thereof. Protiviti accepts no liability or responsibility to the user for the selection of materials from AuditNet.org or for reliance by any user or reader on such information. CONTENT AREA: Work Programs TOPICS: Internal Audit September 15, 2008 Restaurant Visit Internal Control Audit Work Program The purpose of this work program is to conduct an internal control review at a restaurant company’s operating sites. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors. CONTENT AREA: Work Programs TOPICS: Hospitality Industry, Internal Audit, Audit Reporting, Audit Testing, Internal Controls August 18, 2008 Restaurant Regional Office Internal Control Audit Work Program The purpose of this work program is to conduct an internal control review at a restaurant company’s regional office. Example audit areas covered in this work program include: payroll, overtime, inventory, bank reconciliations, and approved vendors. CONTENT AREA: Work Programs TOPICS: Hospitality Industry, Internal Audit, Audit Reporting, Audit Testing, Internal Controls August 11, 2008 Risk Assessment Audit Work Program This audit work program focuses on the risk assessment component of the COSO framework. Sample risks addressed in this audit work program include: management does not have a business planning process in place that examines existing objectives and establishes new objectives when necessary; senior management does not develop plans to mitigate significant identified risks; and changes in risks are not identified in a timely manner. CONTENT AREA: Work Programs TOPICS: Corporate Governance, Audit Committee & Board, Internal Audit, Risk Management & Assessment, COSO, Enterprise Risk Management, Entity-Level Control, GRC July 28, 2008 Information and Communication Audit Work Program This audit work program focuses on the information and communication component of the COSO Framework. Sample risks addressed in this audit work program include: adequacy of the information technology structure is not considered by senior management; there is not a regular back-up of application programs and data files; and reported problems are not investigated in a timely manner and disciplinary actions are not taken when necessary. CONTENT AREA: Work Programs TOPICS: Corporate Governance, Audit Committee & Board, Whistleblower/Complaint Reporting, Technology, IT Controls, IT Infrastructure, COSO, Entity-Level Control, GRC July 14, 2008 Control Environment Audit Work Program This audit work program focuses on the control environment component of the COSO Framework. Sample risks addressed in this audit work program include: a code of conduct and other policies does not exist regarding acceptable business practices, conflicts of interest, or expected standards of ethical and moral behaviour; adequate staffing levels are not maintained to effectively perform required tasks; and an independent governing body that provides oversight for management's activities does not exist. CONTENT AREA: Work Programs TOPICS: Financial Reporting, Human Resources, Corporate Governance, Audit Committee & Board, Internal Audit, Audit Testing, Entity-Level Control, GRC June 2, 2008 Monitoring Audit Work Program - Example 2 This audit work program focuses on the monitoring component of the COSO Framework. Sample risks addressed in this audit work program include: internal and/or external audit comments and management responses are not provided to the audit committee or board of directors and internal audit does not have the authority to review any aspect of the entity's operations. CONTENT AREA: Work Programs TOPICS: Corporate Governance, Audit Committee & Board, COSO, Entity-Level Control, Internal Controls, GRC May 19, 2008 End User Computing Audit Work Program This work program focuses on auditing end user computing. It concentrates on the IT controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Infrastructure, Sarbanes-Oxley Act, IT Controls, Change Management, Process-Level Control May 12, 2008 Computer Operations Audit Work Program This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Controls, IT Infrastructure, IT Strategy May 5, 2008 Program Development Audit Work Program This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Infrastructure, Sarbanes-Oxley Act, Internal Audit, IT Controls, Process-Level Control April 28, 2008 Program Changes Audit Work Program This work program focuses on auditing program change controls. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the procedures used to test each control. CONTENT AREA: Work Programs TOPICS: Internal Audit, Audit Testing, IT Audit, Sarbanes-Oxley Act, IT Controls, Change Management April 21, 2008 E-Commerce Audit Work Program This extensive e-Commerce audit work program is tailored towards the requirements of a credit union. It can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Financial Services Industry, Technology, E-Business March 31, 2008 Active Directory Work Program - Infrastructure This is the final section of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with the Infrastructure. CONTENT AREA: Work Programs TOPICS: Technology, IT Infrastructure March 24, 2008 Active Directory Work Program - Replication This is part eight of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Replication. CONTENT AREA: Work Programs TOPICS: Technology, IT Infrastructure, Software March 17, 2008 Active Directory Work Program - Architecture/Design This is part seven of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with Architecture/Design. CONTENT AREA: Work Programs TOPICS: Technology, IT Infrastructure, Software March 10, 2008 Active Directory Work Program - User Management/Administration - Powerful User Rights This is part six of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with the rights of Powerful User. CONTENT AREA: Work Programs TOPICS: Technology, Software, Security, Access Control Systems & Methodology February 25, 2008 Active Directory Work Program - User Management/Administration - Access Request Procedures This is part five of an Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user Access Request procedures. CONTENT AREA: Work Programs TOPICS: Technology, Software, Security, Access Control Systems & Methodology February 18, 2008 Active Directory Work Program - User Management/Administration - ID Termination This is part four of the Active Directory work program covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user ID termination. CONTENT AREA: Work Programs TOPICS: Technology, Software, Security, Access Control Systems & Methodology February 11, 2008 Active Directory Work Program - User Management/Administration - ID Maintenance This is part three of an Active Directory workprogram covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. This section deals with user ID maintenance. CONTENT AREA: Work Programs TOPICS: Technology, Software, Security, Access Control Systems & Methodology February 4, 2008 Active Directory Work Program - User Management/Administration - ID Creation This is part two of an Active Directory workprogram covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. The second section deals with ID creation. CONTENT AREA: Work Programs TOPICS: Technology, Software, Security, Access Control Systems & Methodology January 28, 2008 Active Directory Work Program - User Management/Administration - General This is part one of an Active Directory workprogram covering: User Management/Administration; Architecture/Design; Replication; and Infrastructure. The first section deals with general aspects of user management and administration. CONTENT AREA: Work Programs TOPICS: Technology, Software, Security, Access Control Systems & Methodology January 14, 2008 Access to Programs and Data Audit Work Program The purpose of this work program – focused on access to programs and data – is to outline the IT general controls to be tested, review the results of management’s testing, and document the procedures to test each control. CONTENT AREA: Work Programs TOPICS: Internal Audit, IT Audit, Sarbanes-Oxley Act, IT Controls, Section 404 - Internal Control Reporting, Security, Access Control Systems & Methodology November 26, 2007 Travel Agent Commissions Audit Work Program The purpose of this internal audit work program is to assess, at a high level, and validate key controls in place for the travel agents commission process. Steps in this document include examining the travel agent commission review and approval process; adequacy of supporting documentation; and compliance with company policies and procedures. CONTENT AREA: Work Programs TOPICS: Revenue, Sales Process & Marketing, Hospitality Industry, Internal Audit, Audit Testing November 19, 2007 Warranty Processing Review Audit Work Program The purpose of this audit work program is to review a company’s method of tracking and recording in-warranty repairs, out-of-warranty repairs, and sales credits under the warranty and service repair process in accordance with company policy and United States Generally Accepted Accounting Principles (GAAP). CONTENT AREA: Work Programs TOPICS: Audit Testing, Internal Audit, Manufacturing Industry, Revenue, Supply Chain November 5, 2007 U.S. Domestic Income and Property Tax Review Audit Work Program This work program focuses on key tax processes and systems related to a company’s U.S. operations. This review focuses on related business strategies and policies, business and risk management processes, management reports, methodologies, people and organizational structure, and systems and data. CONTENT AREA: Work Programs TOPICS: Financial Reporting, Taxation, Internal Audit, Audit Testing, Internal Controls October 22, 2007 Disaster Recovery Plan Review This work program provides a review of a Disaster Recovery Plan, including the creation of the plan, evaluation of the risks covered, their impact on the business, and whether or not the plan provides for appropriate methods to recover from the threats covered by the plan. CONTENT AREA: Work Programs TOPICS: Disaster Recovery October 8, 2007 EU Data Directive Work Program This work program can be used to audit compliance with the European Union Data Directive (EUDD). It includes an overview of the EUDD requirements as they relate to privacy and security of personal data, and initial survey questions intended to provide the audit team with an overview of the auditee’s high-level privacy knowledge and awareness. CONTENT AREA: Work Programs TOPICS: Compliance, Cross Border & Non-US Issues, European Union, Laws & Regulations, Privacy, Security, GRC September 24, 2007 Payroll/Human Resources Review Work Program This payroll/HR review work program focuses on adequacy of controls, overall efficiency and effectiveness of the processes, and compliance with policies and procedures. Specific areas of review include the adequacy of system and manual check processing functions; proper review of payroll information; adequacy of supporting documentation; appropriate review and authorization of manual checks; and existence of proper segregation of duties. CONTENT AREA: Work Programs TOPICS: Human Resources, Payroll, Internal Controls August 20, 2007 Conflict of Interest (Trust Company) Audit Work Program The purpose of this audit work program is to review conflict of interest procedures between a trust company and its affiliates. This includes reviewing guidelines on appropriate financial trades, obtaining necessary board of director approval for these transactions, and determining appropriate fee structures. CONTENT AREA: Work Programs TOPICS: Corporate Governance, Audit Committee & Board, Financial Services Industry, Internal Audit, Audit Testing, Ethics, GRC August 6, 2007 Journal Entries Audit Work Program The purpose of this audit work program is to review procedures regarding the creation, posting and retention of journal entries. This includes determining if evidence exists and supports the amount booked in the accounting system; proper approval; and completeness and accuracy of each journal entry. CONTENT AREA: Work Programs TOPICS: Accounting/Finance, Financial Reporting, Internal Audit, Audit Testing, Internal Controls June 4, 2007 Electronic Signature (E-Sign) Audit Work Program The audit objective of this review is to assess documented policies and procedures, including business requirements documentation, to determine if provisions of the Electronic Signatures Act and Department of Education are adequately addressed. Auditors are asked to verify that the IT Infrastructure supporting the electronic signature process is appropriately configured to protect critical data from unauthorized access, disclosure, modification, corruption, or destruction. CONTENT AREA: Work Programs TOPICS: Financial Services Industry, Education, Internal Audit, Audit Testing, Internal Audit Administration, IT Audit, Compliance, GRC May 28, 2007 Physician Credentialing Audit Work Program The audit objective of this review is to analyze and evaluate a hospital’s physician credentialing process and identify the key controls governing the process. This work program has been updated with detailed steps focused on verifying applicants’ education and certification background, hospital staff system access rights to physician profiles, and maintaining a log of current physicians on staff. CONTENT AREA: Work Programs TOPICS: Human Resources, Healthcare & Pharmaceuticals Industry, Internal Audit, Audit Testing, Internal Audit Administration, Compliance, GRC May 14, 2007 Database Audit Program This database audit work program covers the following applications: DB2, Oracle 8i, Oracle 9i, Oracle RDB7, Sybase, and Progress. The work program is in the form of an Excel workbook, with a separate spreadsheet covering each of the following areas: Security; Change Management; and Monitoring. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Infrastructure, Security, Access Control Systems & Methodology, Asset Management, Knowledge Management, Segregation of Duties, Change Management April 9, 2007 Service Level Agreement Controls Audit Work Program The purpose of this audit work program is to assess the controls specific to a Service Level Agreement (SLA). This includes determining the business requirements of the service provider; identifying frameworks and methods used by the service provider; and reviewing key performance indicators, controls, and critical success factors used to ensure delivery of business requirements. CONTENT AREA: Work Programs TOPICS: Technology, IT Controls, IT Strategy, Internal Audit, Audit Testing, IT Audit, Outsourcing/Co-sourcing/Shared Services March 5, 2007 Freight Management Audit Work Program The purpose of this work program is to understand and evaluate the freight management process. This includes reviewing process performance measures, process effectiveness and efficiency, and contract terms and management. CONTENT AREA: Work Programs TOPICS: Audit Testing, Customer Fulfillment & Support, Distribution Industry, Internal Audit, Internal Audit Administration, Materials Management & Inventory, Supply Chain February 26, 2007 System Backup Review Audit Work Program The purpose of this work program is to review an organization’s system backup procedures. This includes identifying all applications key to the organization, identifying the responsible person for the backup procedure, analyzing actual procedures performed, and determining the appropriateness of handling related media. CONTENT AREA: Work Programs TOPICS: Audit Testing, Business Continuity Management, Technology, Internal Audit, IT Controls February 19, 2007 Entity-Level Controls Audit Work Program The objective of this audit work program is to evaluate the entity-level controls at an organization. The work program specifically focuses on entity-level topics such as integrity and ethical values; management commitment to competence; effective Board of Directors; and management's philosophy and operating style. CONTENT AREA: Work Programs TOPICS: Audit Committee & Board, Corporate Governance, Ethics, Internal Controls, Sarbanes-Oxley Act, Whistleblower/Complaint Reporting, Entity-Level Control, GRC February 5, 2007 Shipping and Receiving Audit Work Program – Sample 2 The objective of this audit work program is to evaluate the accuracy of the shipping and receiving process. The audit work program specifically focuses on ensuring that all deliveries/shipments are accurately received/issued and ensuring the integrity of order information as it flows through the systems. CONTENT AREA: Work Programs TOPICS: Audit Testing, Distribution Industry, Internal Audit, IT Audit, Materials Management & Inventory, Supply Chain January 22, 2007 Purchasing Rebate Review Audit Work Program The objective of this audit work program is to review the controls in place for the following areas of the Purchasing Rebate process: Supplier Rebate Set-Up, Maintenance and Forecasting; Rebate Processing; and Rebate Accounting and Financial Reporting. CONTENT AREA: Work Programs TOPICS: Audit Testing, Compliance, Internal Audit, Internal Controls, Purchasing & Accounts Payable, Sarbanes-Oxley Act, Supply Chain, GRC January 8, 2007 Monitoring Controls (Entity-Level) Audit Work Program The objective of this audit work program is to evaluate the operating effectiveness of the monitoring component of COSO. The audit work program specifically focuses on the attributes of on-going monitoring, separate evaluations, and reporting deficiencies. CONTENT AREA: Work Programs TOPICS: COSO, External Auditor, Internal Audit, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting, Entity-Level Control January 1, 2007 Fraud Prevention Process – Debit and Credit Card Transactions Audit Work Program The objective of this audit work program is to identify and evaluate the effectiveness of a debit and credit card service provider’s fraud prevention process. This work program reviews the reports utilized to monitor fraudulent activities involving debit and credit cards and system settings intended to identify potentially fraudulent transactions CONTENT AREA: Work Programs TOPICS: Accounts Receivable, Audit Testing, Financial Services Industry, Fraud, Internal Audit, Outsourcing/Co-sourcing/Shared Services December 11, 2006 Employee Benefits Audit Work Program This document focuses on auditing a company employee benefits program. This audit work program reviews the administration of the employee benefits program, eligibility of benefits, and authorization and issuing of benefit disbursements. CONTENT AREA: Work Programs TOPICS: Audit Testing, Human Resources, Internal Audit, Internal Audit Administration November 20, 2006 Financial Reporting (External) Audit Work Program The objective of this audit work program is to evaluate the operating effectiveness of internal controls identified in the external financial reporting process. The audit work program specifically focuses on controls related to the earnings release, filing Forms 10-Q and 10-K, and debt compliance sub-processes. CONTENT AREA: Work Programs TOPICS: Financial Reporting, Internal Controls, Reporting/Disclosure, Sarbanes-Oxley Act, Section 404 - Internal Control Reporting October 30, 2006 Investments in Securities, Derivative Instruments, and Hedging Activities - Audit Work Program The objective of this audit work program is to review the controls related to a company’s investment procedures. The work program reviews whether investment transactions were initiated in accordance with management’s established policies, the accuracy of investment information, and the results reported in the financial statements. CONTENT AREA: Work Programs TOPICS: Accounting/Finance, Audit Testing, Cash & Treasury, Internal Audit, Internal Audit Administration, Investments & Foreign Exchange, Financial and Credit Risk October 2, 2006 SOX Process Documentation Review Audit Work Program The objective of this audit program is to ensure that SOX 404 processes are documented to communicate a clear understanding of the business activity, including its related risks and controls, roles, and responsibilities. In addition, these steps are intended to ensure all changes made to process documentation are reviewed for accuracy and completeness. CONTENT AREA: Work Programs TOPICS: Sarbanes-Oxley Act, Internal Controls, Project Management, Section 404 - Internal Control Reporting September 25, 2006 Data Center Review Audit Work Program The objective of this work program is to evaluate access controls and environmental controls for the data center, and to develop recommendations to create meaningful change. CONTENT AREA: Work Programs TOPICS: Access Control Systems & Methodology, Technology, IT Controls, IT Infrastructure, Physical Security, Security August 31, 2006 Disaster Recovery Risk Assessment Audit Work Program This disaster recovery risk assessment work program provides an outline for standard business models. It is not intended to be an all-inclusive list, but a starting point in the risk assessment process. Key areas and related risks considered include environmental, man-made, business, and IT threats. CONTENT AREA: Work Programs TOPICS: Business Continuity Management, Disaster Recovery, Risk Management & Assessment, GRC August 17, 2006 Asset and Liability Management Policy Review Audit Work Program The objective of this audit work program is to review the policies governing the asset and liability management process. While performing this review, an auditor can determine if these policies are reviewed on a regular basis and assess the governance oversight of the asset and liability management function. CONTENT AREA: Work Programs TOPICS: Cash & Treasury, Corporate Governance, Audit Committee & Board, Compliance, Risk Management & Assessment, GRC July 29, 2006 Capital Raise Audit Work Program The objective of this audit work program is to review the capital raise process. While examining this process, an auditor can verify whether processes exist to report accurate and complete information; transactions are in adherence with company policies; and sufficient supporting documentation exists. CONTENT AREA: Work Programs TOPICS: Internal Audit, Audit Reporting, Audit Testing, Cash & Treasury, Internal Audit Administration, Investments & Foreign Exchange July 24, 2006 Commercial Property Lease Application Review Audit Work Program This is a sample work program for reviewing an application that handles transactions related to leasing and renting commercial property. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, Software Tools July 10, 2006 Business Continuity Management Audit Work Program This extensive business continuity management work program covers the following areas: general BCP, preliminary steps, examination scope and objectives, appropriateness of enterprise-wide BCP, oversight and support, business impact analysis, risk management, testing, IT documentation, hardware backup and recovery, software backup and recovery, preparation for data center recovery, inclusion of security procedures, critical outsourced activities, conclusions, and final steps. CONTENT AREA: Work Programs TOPICS: Business Continuity Management, Internal Audit June 19, 2006 Siebel/Oracle Information Security Audit Work Program This sample Siebel / Oracle information security work program provides procedures to evaluate six system control objectives. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Security, Access Control Systems & Methodology, Operations Security, Software Tools April 17, 2006 Balance Sheet Review Audit Work Program This sample balance sheet review audit work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Financial Reporting April 10, 2006 Insurance Claims Review (Healthcare) Audit Work Program This healthcare audit work program is intended to assist in determining whether internal controls in the health insurance claims review process are in place and working effectively. This audit work program addresses topics such as duplicates, claim approvals, system interfaces, and refund status. CONTENT AREA: Work Programs TOPICS: Internal Audit, Sarbanes-Oxley Act, Audit Testing, Healthcare & Pharmaceuticals Industry, Internal Controls, IT Controls February 6, 2006 Corporate Responsibility Program Effectiveness Assessment Audit Work Program The objectives of this audit work program are to assess the effectiveness of a Corporate Responsibility Program (CRP), and to ensure that the company is continuing to put into practice the seven elements of an effective compliance program. CONTENT AREA: Work Programs TOPICS: Corporate Governance, Ethics, Internal Audit, GRC January 30, 2006 Construction Contracts Audit Work Program The audit objectives of this work program is to evaluate the adequacy of internal controls over the construction project; determine the extent of compliance with the terms of the contract; verify the propriety of the amounts paid for construction; identify and quantify overcharges to the construction project; and determine that assets are properly classified and componentized. Steps in this work program include reviewing bid documentation, evidence of contractor and subcontractor billings, and approval of change orders. CONTENT AREA: Work Programs TOPICS: Internal Audit, Audit Testing, Fixed Assets, Purchasing & Accounts Payable January 16, 2006 Healthcare Provider Contracting Audit Work Program This healthcare audit work program is intended to determine whether internal controls in the provider contracting and capitated payment processes are in place and working effectively. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Healthcare & Pharmaceuticals Industry, Purchasing & Accounts Payable January 2, 2006 Charity Care Audit Work Program The objective of this program is to perform a high-level review of charity care program practices to validate compliance with hospital policy. Steps include a detailed analysis of selected charity accounts and bad debt accounts. CONTENT AREA: Work Programs TOPICS: Audit Reporting, Healthcare & Pharmaceuticals Industry, Internal Audit, Purchasing & Accounts Payable, Nonprofit Industry December 5, 2005 Charge Master Maintenance Audit Work Program The audit objective of this hospital work program is to analyze and evaluate the adequacy of the Charge Master Maintenance process. These steps verify that all charges are developed in accordance with policy, determine the degree of compliance by employees with administrative and financial policies as prescribed by management, and confirm if charges are developed timely and accurately. CONTENT AREA: Work Programs TOPICS: Accounts Receivable, Audit Testing, Healthcare & Pharmaceuticals Industry, Internal Audit, Internal Audit Administration November 7, 2005 IT Audit Work Program – Application Controls This sample work program covers various application controls necessary to support the business, focusing primarily on access and change controls. CONTENT AREA: Work Programs TOPICS: Internal Audit, Technology, IT Audit, Software Tools October 24, 2005 Vendor Rebates Audit Work Program This sample audit work program can be used to determine whether vendor rebate receivables have been properly recorded and calculated, to determine whether the General Reserve for vendor rebates and the inventory adjustment are adequate, and to review supporting documentation. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounting/Finance, Materials Management & Inventory October 17, 2005 Controls Monitoring Quarterly Assessment Audit Work Program This sample work program provides steps to perform a quarterly assessment of management’s monitoring of company-level controls. Specific objectives of this work program include: evaluate the effectiveness of management’s controls monitoring process; assess management’s progress with respect to the implementation of action plans designed to address deficiencies; provide management with an internal audit framework to use in monitoring key controls on an ongoing basis and evaluate whether those controls are operating as designed. CONTENT AREA: Work Programs TOPICS: Internal Audit, Sarbanes-Oxley Act, COSO, Self-Assessment, Corporate Governance, Audit Testing, Internal Controls, Entity-Level Control, GRC September 15, 2005 Audit Work Programs - Other Resources This page is provided as a resource for linking to work programs that other organizations have posted on the Internet. CONTENT AREA: Work Programs TOPICS: Internal Audit July 25, 2005 IT Change Management Audit Work Program IT change management is a process to manage changes to production hardware, network devices, operating systems, and application software. This sample audit work program helps assess IT change controls. CONTENT AREA: Work Programs TOPICS: Technology, Risk Management & Assessment, IT Controls, Change Management, GRC July 4, 2005 Customer Service and Support Renewal Audit Work Program This sample work program provides steps to review the customer service and support renewal function. Specific objectives of the work program include: determine compliance with certain customer service and support renewal local policies and procedures; evaluate overall effectiveness of the customer service and support renewal business functions; and identify internal control and process improvement opportunities. CONTENT AREA: Work Programs TOPICS: Internal Audit, Customer Satisfaction, Customer Fulfillment & Support, Revenue, Audit Testing June 20, 2005 Plant Operations Security Audit Work Program This sample work program provides steps to review plant operations security. Specific objectives of the work program include: determine the plant’s safety environment; ensure compliance with company and governmental requirements related to safety; and review that safety issues identified in various audits are addressed appropriately. CONTENT AREA: Work Programs TOPICS: Internal Audit, Security, Physical Security, Internal Audit Administration June 13, 2005 Direct Charges Audit Work Program This sample work program provides steps to review the direct charges process. Specific objectives of the work program include: understand procedures relating to the processing, payment, billing and reconciliation of direct charges; evaluate the control environment within the direct charge process; and investigate build up of direct charge transactions (debits) in the direct charge clearing account. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Reporting, Accounts Receivable, Purchasing & Accounts Payable, Audit Testing June 6, 2005 Treasury and Cash Management Audit Work Program This sample work program provides steps to audit the treasury process. Specific areas of review include the wire transfer process, foreign exchange exposure management, and interest rate swaps. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounting/Finance, Cash & Treasury, Investments & Foreign Exchange, Audit Testing, Financial and Credit Risk May 30, 2005 Plant Operations – Safety Audit Work Program This sample work program reviews the safety of plant operations. Specific objectives of the work program include assessing the plant’s safety environment; ensuring compliance with company and governmental requirements related to safety; and verifying that safety issues identified in various audits are addressed. CONTENT AREA: Work Programs TOPICS: Internal Audit, Laws & Regulations, Audit Testing, Internal Audit Administration May 23, 2005 RACF Mainframe Controls Audit Work Program This is a sample work program to assist in an RACF controls review. Specific objectives of the work program are to ensure system software is inventoried and maintained, change controls are in place, procedures for initial program load (IPL) are clearly documented and distributed, and procedures exist to monitor system capacity and performance. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Security, IT Controls, IT Audit, IT Infrastructure, Security Architecture & Models May 16, 2005 Privacy Controls Audit Work Program This sample work program provides audit steps for a privacy controls review. Specific objectives of the work program include: verifying management direction and support for privacy controls; checking system implementations and changes are appropriately tested; reviewing policies and procedures; and testing that privacy controls are working effectively. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Sarbanes-Oxley Act, Privacy, IT Controls, IT Audit May 9, 2005 Application Controls Audit Work Program There are five areas that should be considered when auditing financial end-user developed spreadsheets and other applications: change control; version control; access control; input control; and security and integrity of data. This audit program has a variety of audit steps you can apply depending on the complexity of the application. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Security, Software Tools, Application Development Security May 2, 2005 Order to Bill Process Audit Work Program This sample work program reviews the order to bill process. Specific objectives of the work program include ensure orders are accurately filled, use of old/obsolete inventory, and accurate customer billing. CONTENT AREA: Work Programs TOPICS: Accounting/Finance, Accounts Receivable, Audit Testing, Internal Audit, Supply Chain, Revenue April 25, 2005 Membership and Billing Audit Work Program This work program reviews the membership and billing process within a healthcare cooperative. Specific areas of review include group contract rates, membership status, and adjustments/credits made to membership billings. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounts Receivable, Healthcare & Pharmaceuticals Industry, Audit Testing April 11, 2005 UNIX Security Audit Work Program This sample work program covers the general security of systems running the UNIX operating system It reviews control elements, general system admin issues, account groups, remote and root logins, passwords, super users and services. CONTENT AREA: Work Programs TOPICS: Technology, IT Audit, IT Infrastructure November 29, 2004 Restaurant Site Review Audit Work Program This tool is designed to assist Internal Audit with the review of the following areas of restaurant operation: Cash Control; Asset Control; Operations Management; Inventory Control; Information Systems; and Human Resources. CONTENT AREA: Work Programs TOPICS: Internal Audit, Hospitality Industry September 20, 2004 Budgeting Process Audit Work Program The purpose of this work program is to evaluate the overall process for planning and completing budgeting, to determine the effectiveness of compliance with corporate policies and procedures, and to ensure the budget process is operating as planned. CONTENT AREA: Work Programs TOPICS: Internal Audit, Budgeting September 3, 2004 Fraud Prevention and Detection Audit Work Program This program can be used by internal auditors as an evaluation tool or converted into a questionnaire for use with management to better understand current fraud prevention and detection program activities. CONTENT AREA: Work Programs TOPICS: Ethics, Fraud, Internal Audit, Compliance, GRC July 30, 2004 Social Responsibilities Programs Analysis Audit Work Program Reputation risk associated with lack of social responsibility programs, instances of possible ethics violations, and other ‘red-flag’ occurrences should be considered during annual audit planning. This work program is intended to position the internal audit function to help identify social responsibility issues that the organization may not be adequately addressing and to assess controls around those programs. CONTENT AREA: Work Programs TOPICS: Ethics, Internal Audit July 8, 2004 Close the Books Audit Work Program (Sample 2) The preface to this sample audit program discusses general audit procedures, other considerations, and management controls to review in auditing the close the books process. CONTENT AREA: Work Programs TOPICS: Internal Audit, Compliance, Financial Reporting, Close the Books, Segregation of Duties, GRC June 25, 2004 Product Development Audit Work Program New product development is a critical part of any enterprise and internal audit can help to assure controls over the resources are effective. This work program includes an overview for understanding and engaging in this important area. The program includes risk analysis, special and operational considerations, and evaluation components for an audit review. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Sales Process & Marketing June 10, 2004 Pricing & Discounts Audit Work Program Product pricing and customer can have significant impact on revenue. Internal audit can help to assure that controls over pricing and discounts are effective. This sample audit program will assist in a thorough review of this area. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Compliance, Customer Fulfillment & Support, Sales Process & Marketing, GRC June 4, 2004 Cost Estimation Audit Work Program Cost estimation is an important part of determining prices for deliverables. Poor controls can lead to proposal loss or project cost overruns. This work program covers areas including: bids, labor/material cost, engineering, other allocations, and change orders. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Budgeting, Expense Reporting, Materials Management & Inventory May 28, 2004 Third Party Labor Contractor Audit Work Program Third party labor is often an important part of operations -- especially during times of expansion. This work program covers: contract/bid processes, billing matters, time reporting controls, and possible areas for improvement. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Compensation & Benefits, Expense Reporting May 14, 2004 Advertising and Promotion Audit Work Program This work program includes an overview for understanding and engaging in a review of controls around advertising and promotions. The work program includes risk analysis, special and operational considerations, and recommendations for key internal controls. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Compliance, Sales Process & Marketing, GRC May 6, 2004 Other Assets Audit Work Program Other assets should be reviewed to determine if the processes of approval, maintaining subsidiary ledgers, and reconciliation to general ledger accounts are adequately supervised and controlled. Although other assets are normally not significant amounts to the overall financial statements, these items, especially in the prepaid expenses area, can create surprises for management if not maintained properly. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Accounting/Finance April 8, 2004 Spending Authority Audit Work Program Spending authority limits represent a key component of the internal control structure. Spending authority is an extension of management’s delegated authority to approve transactions. This work program provides steps and considerations for reviewing spending authority policies and processes CONTENT AREA: Work Programs TOPICS: Fraud, Internal Audit, Internal Controls, Expense Reporting, Materials Management & Inventory, Purchasing & Accounts Payable, Segregation of Duties April 1, 2004 System Management Risk Assessment & Control Audit Work Program Since most financial transactions are processed and maintained in the IT environment, the IT function is critical for all financial audits performed. This work program will assist audit teams to identify risks and related controls for logical security administration and monitoring, physical security, change management, problem management and system availability. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Security, Risk Management & Assessment, IT Audit, IT Infrastructure, Security Management Practices, Change Management, GRC March 25, 2004 Other Liabilities Audit Work Program Other liabilities should be reviewed to determine if the processes of approval, maintaining subsidiary ledgers, and periodic reconciliation to the general ledger accounts are adequately controlled. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit, Accounting/Finance, Audit Testing March 18, 2004 Revenue Recognition Audit Work Program This work program example focuses on the major revenue areas associated with the sales cycle particularly major customers and channel partners. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounting/Finance, Revenue March 11, 2004 Foreign Corrupt Practices Act (FCPA) Audit Work Program This work program will assist audit teams to review compliance with the Foreign Corrupt Practices Act of 1977. An introduction describes the basics of the Act. CONTENT AREA: Work Programs TOPICS: Corporate Governance, Cross Border & Non-US Issues, Fraud, Internal Audit, Laws & Regulations, Training & Development, GRC February 26, 2004 Expenditure Cycle Audit Work Program with CAATs This work program is designed to assist the audit team to perform additional review tests of the high volume expenditure areas using Computer Assisted Audit Testing (CAATs). The following tests can provide a manageable set of supervisory oversight controls through transaction analysis for line management in expenditure areas. CONTENT AREA: Work Programs TOPICS: Compliance, Fraud, Technology, Internal Audit, Internal Controls, Accounts Receivable, Expense Reporting, IT Audit, Purchasing & Accounts Payable, Segregation of Duties, Continuous Auditing, GRC February 6, 2004 Software Licensure Compliance Audit Work Program Software licensing activities are often considered a limited area of auditor concern since upgrade events and installations are limited and seemingly simple. However, there is an entry on a financial statement balance sheet representing the recorded value of property, equipment, and other durable purchased goods and the treatment of software should be carefully examined for appropriateness. This work program for can be modified for scope considerations that will depend on the extent and particulars of the licensing agreement included under review. CONTENT AREA: Work Programs TOPICS: Fraud, Technology, Internal Audit, Laws & Regulations, Fixed Assets, IT Infrastructure, Software Tools, IT Audit January 5, 2004 Capital Expenditure Audit Work Program This work program on capital expenditures auditing provides an example of steps to include in a review of internal controls surrounding fixed assets. Included is a general discussion of the financial, operational, and technology aspects of capital expenditure auditing. A few associated CAATs testing procedures are included to assist those considering computer-assisted techniques. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting, Fixed Assets, Purchasing & Accounts Payable, Segregation of Duties, Continuous Auditing December 11, 2003 Hotel Expenditure Cycle Audit Work Program This robust work program will assist in a comprehensive review of the expenditure cycle. Although the program is tailored to a hotel it includes review of the purchasing, receiving, inventory and supervisory operational and financial expenditure areas. Related Computer Assisted Audit Techniques (CAATS) or ACL type tests are included to leverage IT audit team members. CONTENT AREA: Work Programs TOPICS: Internal Audit, Compliance, Hospitality Industry, Purchasing & Accounts Payable, GRC November 14, 2003 Hotel Industry - Property Receivables & Credit Audit Work Program This work program will assist teams to understand the controls and related processing risks for performing a review of Accounts Receivable & Credit areas of the Hotel. Topics such as guest ledgers, doubtful accounts, and inter-company accounts are included. CONTENT AREA: Work Programs TOPICS: Internal Audit, Risk Management & Assessment, Accounts Receivable, Credit & Collections, Hospitality Industry, GRC October 22, 2003 Hotel Property Treasury & Cash Handling Audit Work Program This work program will assist a comprehensive review of a hotel property’s cash and treasury practices including cash floats, cashier handling and analysis. Review steps address general cashier procedures, petty cash, and aspects of front office operations. CONTENT AREA: Work Programs TOPICS: Fraud, Internal Audit, Cash & Treasury, Hospitality Industry, Investments & Foreign Exchange October 16, 2003 Hotel Financial Reporting & Revenue Recognition Audit Work Program Revenue recognition and related risk of fraud is an issue for all industries and the hospitality sector is no exception. This work program will assist a comprehensive review of hotel revenue practices including reservations, restraints, and other revenue streams. An overview of audit requirements with focus upon SAS-99 fraud considerations is included. CONTENT AREA: Work Programs TOPICS: Fraud, Internal Audit, Hospitality Industry, Revenue September 26, 2003 Hotel Financial Reporting and Management Contract/Lease Agreement Areas Review Audit Work Program This work program is designed to assist the audit team in performing a comprehensive review of the financial reporting area and of a hotel or similar facility’s compliance with its management contract or lease agreement. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Reporting, Hospitality Industry September 18, 2003 Application Security Review and Testing Audit Work Program Application security involves checking the security controls of an application, not the operating system or device that hosts the application. A thorough and exhaustive evaluation of the security issues related to e-Business applications is best tackled using a phased approach, such as that described here. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Security, Application Development Security, E-Business, Internet/Intranet, Operations Security, IT Audit September 11, 2003 Bank Deposit Cycle: Control Objectives and Audit Work Program The control objectives guide identifies the types of risks that can be present in a bank's deposit cycle, and lists many process and monitoring type controls that can be put in place to minimize these risks. The associated work program assists in evaluating the effectiveness of the deposit cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Financial Services Industry September 11, 2003 Customer Care & Order Fulfillment - Control Analysis & Segregation of Duties Audit Work Program This guide will help to evaluate the adequacy of internal controls in the customer order fulfillment and cash handling processes. It includes a checklist of control activities and a related cash handling segregation of duties matrix. CONTENT AREA: Work Programs TOPICS: Accounts Receivable, Best Practices, Cash & Treasury, Customer Fulfillment & Support, Customer Satisfaction, Distribution Industry, Internal Audit, Sales Process & Marketing, Supply Chain, Segregation of Duties September 4, 2003 Security, Audit, and Control Audit Work Program for Windows 2000 This sample work program covers areas specific to the security of systems running Microsoft Windows 2000. Topics covered include: system administration issues, password and other logon controls, group management and separation of duties, reviewing domain names, structures, and trust relationships, maintaining the security of file system objects, auditing and event logging issues, and more. CONTENT AREA: Work Programs TOPICS: Internal Audit, IT Audit, IT Infrastructure, Security, Software Tools, Technology, Segregation of Duties September 3, 2003 Bank Expenditure Nonpayroll Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's expenditure nonpayroll cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can in evaluating the effectiveness of the expenditure nonpayroll cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Financial Services Industry, Purchasing & Accounts Payable August 28, 2003 Security, Audit, and Control Audit Work Program for Microsoft Windows - General This sample work program covers the security of systems running the Microsoft Windows family of operating systems. It looks at IT policy, organization, system development & maintenance, operations, data communication, documentation, physical security, backup and disaster recovery. CONTENT AREA: Work Programs TOPICS: Business Continuity Management, Technology, Internal Audit, Security, Disaster Recovery, IT Audit, IT Infrastructure, Software Tools August 8, 2003 Data Conversion Controls Audit Work Program The objective of this work program is to determine whether the appropriate project management controls are in place to ensure a successful and effective conversion of data from a legacy systems to a new system. Adequate planning and execution of a controlled data conversion process can save rework time and help ensure new system launches are successful. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Audit July 24, 2003 Procurement and Accounts Payable Controls Audit Work Program The expense cycle is a high transaction processing area that includes both manual and application controls. This work program provides a comprehensive controls review of the procurement and related accounts payables processes including key risk areas, processing controls (segregation of duties), and steps to uncover opportunities for process/control improvements. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Purchasing & Accounts Payable, Segregation of Duties July 11, 2003 Contract Review Audit Work Program The objectives of this work program are to assess whether contracts are executed in accordance with agreed upon terms and to ensure all contracts are valid, properly authorized and mitigate risk of loss. CONTENT AREA: Work Programs TOPICS: Internal Audit, Compliance, IT Audit, GRC June 27, 2003 Sales Commissions Audit Work Program Sales commissions structures can be complex, posing the risk of over- or under-paying sales professionals and running afoul of regulations and policies. The following work program can be used as a template to create a sales commission review plan. Any plan will need to be customized to the features of your organization’s sales compensation structures. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Compensation & Benefits, Sales Process & Marketing, IT Audit, Segregation of Duties June 12, 2003 Security Policy Audit Work Program The purpose of this work program is to determine whether the right security policies exist, and for those policies that do exist, to determine whether they cover the necessary issues and are disseminated to the right people. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Internal Controls, Security, Security Management Practices June 5, 2003 Ethics Program Audit Work Program An organization’s ethics program is increasingly important in the current regulatory environment and critical to minimizing reputation risk. Internal audit is responsible for evaluating the effectiveness of ethics programs that can significantly reduce reputation risk exposure. However, evaluating a relatively intangible area such as ethical behavior can be challenging; this work program can assist in developing a comprehensive review. CONTENT AREA: Work Programs TOPICS: Best Practices, Corporate Governance, Ethics, Internal Audit, Compliance, GRC May 30, 2003 Security Administration Audit Work Program The purpose of this work program is to determine whether company policy and the structure of the security administration function provide for adequate administration of logical security. The information and guidelines in the work program can be used to audit the state of security administration. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Internal Controls, Security, Security Management Practices April 17, 2003 Fixed Assets & Property Auditing - Overview and Audit Work Program This work program outlines the primary controls and considerations for an internal audit of property or fixed assets. Included is a general discussion of the financial, operational, and technology aspects of property auditing. The appendix shows a sample system flow and some testing procedures to assist those considering computer-assisted techniques. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Taxation, Fixed Assets, Continuous Auditing March 21, 2003 Physical Security Audit Work Program This work program outlines physical security best practices for data centers and information processing/storage facilities. It then details the control practices and control techniques that should be investigated as part of an audit or review of physical security. CONTENT AREA: Work Programs TOPICS: Best Practices, Business Continuity Management, Technology, Internal Audit, Security, IT Infrastructure, Physical Security February 13, 2003 IT Strategy Management Audit Work Program This sample IT strategy management audit program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Strategy February 6, 2003 IT Help Desk Audit Work Program This sample IT help desk audit program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Infrastructure January 29, 2003 Stock Administration Audit Work Program This work program focuses upon the internal responsibilities of corporate stock program administration. Controls may span several internal functions and external organizations.
This work program includes some general and specific tests that can be modified to reflect the specific plans and administration attributes of your organization. CONTENT AREA: Work Programs TOPICS: Internal Audit, Outsourcing/Co-sourcing/Shared Services, Taxation, Compensation & Benefits, Human Resources, Investments & Foreign Exchange, Payroll, Segregation of Duties January 23, 2003 Platform Management Audit Work Program This sample platform management work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Performance Management/Measurement, Risk Management & Assessment, IT Infrastructure, GRC January 17, 2003 Network Management Audit Work Program This sample network management work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Risk Management & Assessment, Internet/Intranet, IT Infrastructure, Telecommunications, Communications Industry, GRC January 9, 2003 Accounts Receivable & Credit Internal Audit Work Program -- Segregation of Duties Accounts receivables processing between sales order entry to collections can create significant risk to cash flow from aging receivables and cash handling. Internal audit teams can utilize the following work program designed to focus upon segregation of duties and general control concerns. Combined with the segregation of duties matrix this work program will assist internal audit team to evaluate management internal control assertions. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Accounts Receivable, Cash & Treasury, Credit & Collections, Segregation of Duties January 9, 2003 IT Organization Audit Work Program This sample IT organization work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Risk Management & Assessment, IT Infrastructure, GRC January 3, 2003 IT Data Management Audit Work Program This sample IT data management work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Infrastructure December 20, 2002 IT Operations Management Audit Work Program This sample IT operations management work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Infrastructure December 13, 2002 Security Management Audit Work Program This sample security management work program can be downloaded and reviewed for ideas and comparison with your own work programs CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Security, IT Infrastructure, Security Management Practices December 5, 2002 Business Continuity Management Audit Work Program This sample Business Continuity Management (BCM) work program can be downloaded and reviewed for ideas and comparison with your own work programs CONTENT AREA: Work Programs TOPICS: Business Continuity Management, Technology, Internal Audit, IT Infrastructure November 27, 2002 IT Application Management Audit Work Program This sample IT application management work program can be downloaded and modified as applicable for your organization. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Infrastructure, Software Tools November 27, 2002 Revenue Recognition Audit Work Program Revenue recognition at cut-off dates for financial reporting of sales and inventory can create overstatements, double counting and other risk of misstatement. The following work program will assist in development of a tailored company internal control effort designed to ensure accurate transaction recording. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Reporting, Supply Chain, Revenue, Sales Process & Marketing November 14, 2002 Desktop Management Audit Work Program This sample desktop management work program can be downloaded and modified as applicable for your organization. CONTENT AREA: Work Programs TOPICS: Asset Management, Cost Management, Technology, Internal Audit, IT Infrastructure November 8, 2002 IT Asset Management Audit Work Program This sample IT asset management work program can be downloaded and modified as applicable for your organization. CONTENT AREA: Work Programs TOPICS: Asset Management, Technology, Internal Audit, Fixed Assets, IT Infrastructure August 13, 2002 Accounts Payable Audit Work Program This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Internal Audit, Purchasing & Accounts Payable, Accounting/Finance May 8, 2002 Expenditure Cycle Audit Work Program This internal audit work program looks at expenditure cycle activities and tests purchasing, accounts payable, travel and entertainment charges, and payroll. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting, Human Resources, Payroll, Purchasing & Accounts Payable May 1, 2002 Inventory Management Audit Work Program (sample 2) This sample inventory management work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Internal Audit, Security, Materials Management & Inventory April 24, 2002 Stock Option Audit Work Program This internal audit work program focuses on understanding and evaluating the company's stock option management process, performing testing, and investigating control weaknesses. CONTENT AREA: Work Programs TOPICS: Internal Audit, Compensation & Benefits, Human Resources April 17, 2002 Warranty/Field Services Audit Work Program This internal audit work program reviews controls to ensure that all service activity -- above and beyond what is called for in a warranty contract -- is captured, tracked and billed to the customer. The program directs auditors to review the process, the documentation generated during a customer inquiry, reports generated as a result of service activity, and to perform transaction testing. CONTENT AREA: Work Programs TOPICS: Internal Audit, Customer Fulfillment & Support, Revenue April 10, 2002 Sales Compensation Audit Work Program This work program suggests steps for an internal audit review over the sales compensation and commission payment process. The primary objective is to review controls, metrics, and process efficiency. Some of the key work steps include understanding the process, segregation of duties, understanding plan attributes and benchmarking. CONTENT AREA: Work Programs TOPICS: Internal Audit, Compensation & Benefits, Payroll, Segregation of Duties April 3, 2002 Original Equipment Manufacturer (OEM) Qualification Audit Work Program This sample work program guides an internal audit of the processes and controls a company may use to select, qualify, approve, and maintain OEM customers. Work steps focus on customer qualification attributes, customer master file controls, standard forms, authorization and sign-off, cycle time, and related issues. CONTENT AREA: Work Programs TOPICS: Customer Satisfaction, Internal Audit, Customer Fulfillment & Support, Sales Process & Marketing March 20, 2002 Returns Management Audit Work Program This work program focuses primarily on transaction and controls testing for a company's Returns Management process. Overall efficiency of the process is considered along with performance metrics, authorization, cycle time, quality control, receiving controls, segregation of duties and the like. CONTENT AREA: Work Programs TOPICS: Internal Audit, Credit & Collections, Materials Management & Inventory, Segregation of Duties March 6, 2002 Order Management Process Audit Work Program This work program provides key steps for a review of the order management process. Work steps include the identification of the process flow, identification of performance metrics, computer assisted auditing steps, process audit steps, and comparison to known best practices. CONTENT AREA: Work Programs TOPICS: Internal Audit, Customer Fulfillment & Support, Supply Chain, Materials Management & Inventory, Sales Process & Marketing February 21, 2002 Casino Audit Work Program This casino audit work program covers reviews of live gaming tables, electronic gaming devices, cashiering and credit, currency transaction reporting, and more. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Gaming Industry February 7, 2002 Construction Cost Audit Work Program This program focuses on identifying charges that were not allowed to be charged to an owner based on the construction contract between the owner and the general contractor. Steps are provided for reviewing both lump-sum contracts and cost-plus contracts. CONTENT AREA: Work Programs TOPICS: Cost Management, Internal Audit December 18, 2001 Property, Plant and Equipment Audit Work Program This audit program primarily focuses on existence, additions, disposals, and depreciation of fixed assets and leases. CONTENT AREA: Work Programs TOPICS: Internal Audit, Fixed Assets December 13, 2001 Accrued Liabilities Audit Work Program This audit program primarily focuses on identification and reporting of contingencies and accrued liabilities. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Reporting, Purchasing & Accounts Payable December 10, 2001 Construction Project Contracts Audit Work Program This audit work program primarily reviews controls around obtaining contractors, controlling costs, managing change orders, and administration for construction projects undertaken by a company. CONTENT AREA: Work Programs TOPICS: Cost Management December 6, 2001 Cash Compliance Audit Work Program This compliance based work program covers existence, accuracy, and cut-off of cash balances. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury October 19, 2001 Travel Review Audit Work Program This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Expense Reporting October 18, 2001 Bank Expenditure Payroll Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's expenditure payroll cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program assists in evaluating the effectiveness of the expenditure payroll cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Best Practices, Financial Services Industry, Payroll October 17, 2001 Payment Review Audit Work Program This work program focuses primarily on identification of unauthorized payments that may be occurring within an organization. CONTENT AREA: Work Programs TOPICS: Internal Audit, Purchasing & Accounts Payable October 10, 2001 Export Compliance Audit Work Program This program focuses internal auditors on the necessary controls which should be in place to ensure a compliant export management system. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cross Border & Non-US Issues, Supply Chain July 31, 2001 Bank Financial Reporting Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's financial reporting cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the financial reporting cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Financial Reporting, Financial Services Industry July 25, 2001 Banking Control Objectives and Audit Work Programs This guide discusses the attributes, the control objectives, and the risks to be addressed in bank cycles. The objective of these tools is to assist management in analyzing the effectiveness of the internal control structure over financial reporting. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry July 24, 2001 Human Resource Audit Work Program This Human Resources Review Work Program primarily focuses on testing controls over the following sub-processes: New hire activity, termination activity, pay rate changes, and performance evaluations. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Human Resources July 23, 2001 Bank Investment Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's investment cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the investment cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Financial Services Industry, Investments & Foreign Exchange July 23, 2001 Bank Investment Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's loan cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the loan cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Credit & Collections, Financial Services Industry July 23, 2001 Bank Treasury Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's treasury cycle, and lists many process and monitoring type controls that can be put in place to minimize these risks. The associated work program can assist in evaluating the effectiveness of the treasury cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Internal Controls, Cash & Treasury, Financial Services Industry July 23, 2001 Bank Trust Cycle: Control Objectives and Audit Work Program This control objectives guide identifies the types of risks that can be present in a bank's trust cycle, and lists many process and monitoring type controls that can be put in place to minimize the risks. The associated work program can assist in evaluating the effectiveness of the trust cycle internal control structure. CONTENT AREA: Work Programs TOPICS: Financial Services Industry May 15, 2001 Consumer Credit Lending Audit Work Program This sample work program can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Internal Audit, Credit & Collections, Financial Services Industry February 8, 2001 Payroll/Human Resources Audit Work Program Review the Payroll processing function focusing on adequacy of controls, overall efficiency and effectiveness of the processes, and compliance with policies and procedures. Additionally, review the Human Resources function as it relates to Payroll focusing on completeness of personnel files, adequacy of supporting documentation for changes to employee profile, and timely reporting of employee information (new hires, terminations, merit increases, etc.) to Payroll. CONTENT AREA: Work Programs TOPICS: Internal Audit, Human Resources, Payroll February 7, 2001 Travel and Expense Reporting Audit Work Program Review the travel and expense reporting function focusing on proper review and approval of reimbursement items, adequacy of supporting documentation, and efficiency of the reimbursement process. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting January 24, 2001 Billing and Collections Audit Work Program (Healthcare) This work programs reviews billing, collections and account follow-up processes. Specific areas of review include patient and insurance billing; processing of adjustments and refunds; and timely follow-up of account balances on aging reports. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Credit & Collections, Healthcare & Pharmaceuticals Industry January 24, 2001 Cash Collections, Security & Recording Audit Work Program (Healthcare) Cash Collections and Security entails assessing the controls related to the collection of cash at various locations. The program reviews procedures for cash security, recordkeeping, check acceptance and handling, customer receipts, cash reconciliation, money transfer, cash deposit, petty cash and change fund authorization and replenishment, and proper segregation of duties. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Healthcare & Pharmaceuticals Industry, Segregation of Duties January 22, 2001 Fixed Asset Accounting Audit Work Program This work program reviews the adequacy and efficiency of current Capital Asset Management polices and procedures as they relate to asset procurement, tracking and monitoring, recording and reporting, disposal of assets, and depreciation. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounting/Finance, Fixed Assets January 22, 2001 Materials Management and Purchasing Audit Work Program The purpose of this audit work program is to review compliance with established procedures for the purchasing function. Specific areas of focus include the requisitioning process, consistent pricing, identifying and obtaining key vendors, proper authorization, adequacy of supporting documentation, timeliness of receiving process, and existence of segregation of duties. CONTENT AREA: Work Programs TOPICS: Internal Audit, Materials Management & Inventory, Purchasing & Accounts Payable January 8, 2001 Hotel Audit Work Program This tool is a comprehensive work program to use as a guideline for auditing a hotel. It covers many processes related to hotel management, and can also be modified for other hospitality and service operations such as restaurants. CONTENT AREA: Work Programs TOPICS: Internal Audit, Hospitality Industry, Payroll, Sales Process & Marketing, Supply Chain January 8, 2001 Investment Management Firm(s) Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit at an investment management firm. This document provides work steps to prepare for a visit to the firm and perform reviews and audit testing. CONTENT AREA: Work Programs TOPICS: Ethics, Internal Audit, Materials Management & Inventory, SAS 70, Financial Services Industry January 2, 2001 Accounts Payable/Expense Accounting Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of accounts payable/expense accounting. This document provides audit work steps for planning, fieldwork and reporting. Steps for fieldwork address the areas of accounts payable, expense reporting, purchasing and procurement cards. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting, Purchasing & Accounts Payable January 2, 2001 Accounts Receivable / Collections Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of the accounts receivable/collections process. This document provides audit work steps for planning, fieldwork, testing and reporting. Specific steps include understanding and documenting the process, identifying improvement opportunities, and associated test steps. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounts Receivable, Credit & Collections January 2, 2001 Accounts Receivable/Credit & Collections Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of accounts receivable/credit and collections. This document provides audit objectives and work steps for project planning, obtaining and reviewing documentation, benchmarking company accounts receivable processes, testing, discussing findings with management, and creating reports. CONTENT AREA: Work Programs TOPICS: Internal Audit, Accounts Receivable, Credit & Collections January 2, 2001 Bank Branch Internal Audit - Cash Audit Work Program The purpose of this work program is to provide the general steps used to perform a cash audit at a bank branch. This document provides audit procedures for counting cash funds, preparing a proof of available ATMs, counting of petty cash, reviewing coin and currency logs, and many other processes. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Certification of Checks Audit Work Program The purpose of this work program is to provide the general steps used to perform a certification of check audits at a bank branch. This document provides audit procedures for reviewing recent certifications, tracing fees collected recently, and reviewing any certified checks that were returned. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Checking Accounts and Overdrafts Audit Work Program The purpose of this work program is to provide the general steps used to perform a checking account and overdraft audit at a bank branch. This document provides audit procedures for reviewing overdraft approval, dormant account activity, and availability of funds. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Encashment and Cash Items Audit Work Program The purpose of this work program is to provide the general steps used to perform an encashment and cash items audit at a bank branch. This document provides audit procedures for reviewing the process by which a bank branch cashes payroll checks for employees of bank depositors. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - General Audit Work Program The purpose of this work program is to provide the general steps used to perform a general audit at a bank branch. This document provides audit procedures for reviewing branch general ledger balances for fraudulent checks and overdraft losses, and reconciliation of accounts payable and receivable accounts. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Income & Expense Audit Work Program The purpose of this work program is to provide the general steps used to perform an income and expense audit at a bank branch. This document provides audit procedures for reviewing miscellaneous disbursement reports, and any debit entries to a general ledger income account over a specific dollar amount. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Items Held on Consignment Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of items held on consignment at a bank branch. This document provides audit procedures for reviewing the reserve and working supplies and fees collected for American Express traveler’s cheques. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Night Deposit Audit Work Program The purpose of this work program is to provide the general steps used to perform a night deposit audit at a bank branch. This document provides audit procedures for reviewing information related to night deposits including location, contents, and selected night depositors. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Safe Deposit Audit Work Program The purpose of this work program is to provide the general steps used to perform a safe deposit audit at a bank branch. This document provides audit procedures for reviewing daily transaction journals, trial balances, billing records, contract cards, access slips, and unrented keys. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Savings Audit Work Program The purpose of this work program is to provide the general steps used to perform a savings audit at a bank branch. This document provides audit procedures for reviewing inventories on hand, savings deposit and withdrawal activity, and related reporting. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Security Audit Work Program The purpose of this work program is to provide the general steps used to perform a security audit at a bank branch. This document provides audit procedures for reviewing security forms and general security activities, such as the inspection of the bank by a designated person. CONTENT AREA: Work Programs TOPICS: Internal Audit, Security, Financial Services Industry, Security Management Practices January 2, 2001 Bank Branch Internal Audit - Unissued Checks & Money Orders Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of unissued checks and money orders at a bank branch. This document provides audit procedures for reviewing inventories for official checks and money orders, and daily issuance logs. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Bank Branch Internal Audit - Wire Transfers and Foreign Remittances Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of wire transfers and foreign remittance at a bank branch. This document provides procedures for reviewing wire transfer forms, completed wire transfers, and applications for foreign exchange drafts or cables. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Financial Services Industry January 2, 2001 Bank Investments Department Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of a bank’s investments department. This document provides audit procedures for the review of safekeeping items, federal funds, repurchase agreements, securities, commercial paper held, FASB 115, FDICIA, and asset and liability policies. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Financial Services Industry January 2, 2001 Banking: Operations Department Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of a bank’s operations department. This document provides audit procedures for the review of item processing, customer accounting, retail services, ATM administration, and general ledger and suspense accounts. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Services Industry January 2, 2001 Banking: Payroll Department Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of a bank’s payroll department. This document provides audit procedures for the review of payroll calculations, methods of payment, tax remittance verification, payroll check distribution, payroll changes, bonuses, manual checks, official checks, payroll bank reconciliation, year end reconciliation, general ledger account reconciliation, and payroll controls and reconciliation. CONTENT AREA: Work Programs TOPICS: Internal Audit, Taxation, Financial Services Industry, Payroll January 2, 2001 Baseline Controls Audit Work Program - Healthcare The purpose of this work program is to provide the general steps used to perform an audit of baseline controls for a company in the healthcare industry. This document provides audit procedures for the review of billing and collections, cash controls, accounts payable/general accounting, payroll, and claims processing/compliance. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Healthcare & Pharmaceuticals Industry January 2, 2001 Capital Asset Management Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of capital asset management. This document provides audit procedures for the review of requisition/purchasing, receiving, capital asset tracking and monitoring, capital asset recording and reporting, capital asset disposal and retirement. CONTENT AREA: Work Programs TOPICS: Asset Management, Internal Audit, Fixed Assets December 6, 2000 International Site Visit - Audit Work Program The purpose of this work program is to document general procedures used to perform an audit of an international office. The steps indicated apply to the areas of service and product sales, procurement, human resources, financial management, and tax considerations. CONTENT AREA: Work Programs TOPICS: Cross Border & Non-US Issues, Taxation, Internal Audit December 1, 2000 E-Commerce Website Audit Work Program This sample work program provides a framework and checklist for testing to be performed by the internal audit or quality assurance team in reviewing a web site. It can be downloaded and reviewed for ideas and comparison with your own work programs. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Risk Management & Assessment, Security, E-Business, Security Management Practices, GRC November 30, 2000 Distribution Center/Consigned Inventory Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of a distribution center/consigned delivery. This document provides audit procedures for the review of warehousing, IT audit techniques and areas, as well as contracts. CONTENT AREA: Work Programs TOPICS: Distribution Industry, Internal Audit, IT Audit, Materials Management & Inventory, Supply Chain November 30, 2000 Inventory Audit Work Program The purpose of this work program is to provide the general steps used to perform an inventory audit. This document provides audit procedures for the review of receiving, production process/physical security, physical counts, inventory valuation, inventory reserves, consignment inventory, scrap, and shipping and receiving (including returns). CONTENT AREA: Work Programs TOPICS: Internal Audit, Materials Management & Inventory November 30, 2000 Inventory Management Audit Work Program The purpose of this work program is to provide the general steps used to perform an inventory management audit. This document provides audit procedures for the review of purchasing, warehousing, distribution, finance, marketing/support, and engineering. CONTENT AREA: Work Programs TOPICS: Distribution Industry, Internal Audit, Materials Management & Inventory November 30, 2000 Material Receiving Internal Controls Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of material receiving internal controls. This document provides audit steps that include: checking limits placed on quantities to be maintained in inventory, confirming controls are adequate to prevent theft and diversion of material, and assuring that store records maintained by employees are functionally independent of storekeepers. CONTENT AREA: Work Programs TOPICS: Internal Audit, Supply Chain, Materials Management & Inventory November 30, 2000 Spare Parts Inventory Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of spare parts inventory. This document provides steps that include procedures for the review of procurement, storage, and the methodology used to determine the quantity/product mix/replenishment of spare inventory. CONTENT AREA: Work Programs TOPICS: Internal Audit, Materials Management & Inventory November 21, 2000 Quality Assurance Audit Work Program The purpose of this work program is to provide the general steps used to perform a quality assurance audit. This document provides audit steps that include procedures for the review of materials receiving, subcontractor quality control, metrology and calibration, and quality assurance data. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Outsourcing/Co-sourcing/Shared Services, Supply Chain, Quality Assessment Review October 31, 2000 Capital Leasing Audit Work Program The purpose of this work program is to provide the general steps used to perform a capital leasing audit. This document provides steps to review controls for authorization, validations, accuracy, completeness, and timeliness. CONTENT AREA: Work Programs TOPICS: Internal Audit, Fixed Assets October 31, 2000 Cash Controls Audit Work Program for Healthcare The purpose of this work program is to provide the general steps used to perform a cash controls audit. This document provides steps to review and test controls related to cash-box security, check acceptance, receipts, reconciliation, and deposits. CONTENT AREA: Work Programs TOPICS: Internal Audit, Cash & Treasury, Healthcare & Pharmaceuticals Industry October 31, 2000 Close the Books Audit Work Program The purpose of this work program is to provide the general steps used to perform a “close the books” audit. This document provides guidance for ensuring related systems are fully integrated, the company is in compliance with established schedules, and determining whether segregation of duties is adequate. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Reporting, Close the Books, Segregation of Duties October 31, 2000 Commissions Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit on commissions. This document provides insight into what questions should be asked for an audit of this type. Questions address factors such as who is responsible for processing commissions, what policies, procedures and controls are in place, along with many other topics. CONTENT AREA: Work Programs TOPICS: Internal Audit, Sales Process & Marketing, Compensation & Benefits October 31, 2000 Commissions Review Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit on commission review. This document provides the steps used to confirm whether an existing process to review commissions is adequately controlled and has acceptable segregation of duties. CONTENT AREA: Work Programs TOPICS: Internal Audit, Sales Process & Marketing, Compensation & Benefits, Segregation of Duties October 31, 2000 Consolidation of Finance Functions Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit on consolidation of finance functions. This document provides the audit steps needed to address the finance functions associated with the accounts payable, accounts receivable, accounting operations, payroll, cost accounting, information systems, human resources, and transfer pricing departments. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Financial Reporting October 31, 2000 Consumer Lending Department Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit on consumer lending. This document provides objectives covering physical safeguards, adequate documentation, substantiation of loan balances, and substantiation of collateral held on loan balances. CONTENT AREA: Work Programs TOPICS: Internal Audit, Credit & Collections, Financial Services Industry October 31, 2000 Corporate Treasury Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of corporate treasury. This document provides objectives covering the overall financial control environment, financial and accounting controls, and processes within cash management, investments, and foreign exchange exposure management. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Cash & Treasury October 31, 2000 Drug-Free Workplace and Work Force Audit Work Program The purpose of this work program is to provide the general steps used to perform a drug-free workplace and workforce audit. This document provides objectives such as reviewing the policy, and determining if the policy is adequately displayed and lists the most common proscribed substances. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Human Resources October 31, 2000 Ethical Business Conduct Guidelines Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of ethical business conduct guidelines. This document provides guidance on obtaining a list of all executives and directors, determining who is required to sign an ethical business conduct form, obtain access to employees’ human resource files, and other steps needed to complete this audit. CONTENT AREA: Work Programs TOPICS: Ethics, Internal Audit, Corporate Governance, Human Resources, GRC October 31, 2000 Facilities Management Audit Work Program The purpose of this work program is to provide the general steps used to perform a facilities management audit. This document provides guidance on reviewing facilities management best practices, understanding essential processes, and obtaining information regarding the cost of facilities maintenance. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Fixed Assets October 31, 2000 Implementation/Control Validation Audit Work Program The purpose of this work program is to provide the general steps used to perform an implementation/control validation audit. This document provides guidance on data mapping, identifying key data, conversion strategy and process, as well as conversion sign off. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, IT Infrastructure, IT Audit, IT Controls October 31, 2000 Incentive Compensation Audit Work Program The purpose of this work program is to provide the general steps used to perform an incentive compensation audit. This document provides guidance on the review of incentive policies and procedures, speaking with key individuals, and gaining understanding of key processes. CONTENT AREA: Work Programs TOPICS: Internal Audit, Compensation & Benefits, Sales Process & Marketing, Payroll October 31, 2000 Incentive Compensation (2) Audit Work Program The purpose of this work program is to provide the general steps used to perform an incentive compensation audit. This document provides guidance on the review of incentive policies and procedures, speaking with key individuals, and gaining understanding of key processes. CONTENT AREA: Work Programs TOPICS: Internal Audit, Sales Process & Marketing, Compensation & Benefits, Payroll October 31, 2000 Order Entry/Customer Service Audit Work Program The purpose of this work program is to provide the general steps used to perform an order entry/customer service audit. This document identifies risks such as customer master records may not be accurate or created in a timely manner, sales order information may not be correct or timely, and change orders that exceed established credit limits are not communicated to the factory in an appropriate amount of time or are unauthorized. The work program describes how to best test these risks. CONTENT AREA: Work Programs TOPICS: Internal Audit, Customer Fulfillment & Support, Sales Process & Marketing October 31, 2000 Payroll Audit Work Program The purpose of this work program is to provide the general steps used to perform a payroll audit. This document provides details for interviewing personnel, reviewing and discussing payroll policies, and testing randomly selected transactions. CONTENT AREA: Work Programs TOPICS: Internal Audit, Payroll October 31, 2000 Physical Security for Information Technology Facilities Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of physical security for IT facilities. This document gives specific questions related to risks such as unauthorized physical access, damaged cables and wiring, and power failures. CONTENT AREA: Work Programs TOPICS: Technology, Internal Audit, Internal Controls, Security, IT Audit, Physical Security October 31, 2000 Policy Development Audit Work Program The purpose of this work program is to provide the general steps used to perform a policy development audit. This document provides steps such as determining existing policies, interviewing process owners, discussing format and content, and identifying areas for new policies. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls October 31, 2000 Procurement Card Audit Work Program The purpose of this work program is to provide the general steps used to perform a procurement card audit. This document provides audit guidance for the review of training of procurement card users, cardholder agreements, spending limits, auditing procedures, and terminations. CONTENT AREA: Work Programs TOPICS: Internal Audit, Training & Development, Purchasing & Accounts Payable October 31, 2000 Procurement Internal Controls Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of procurement internal controls. This document provides detailed audit steps used to check controls such as the use of standardized purchase orders, the prevention of unauthorized use of cancelled or voided purchase requisitions, and procedures requiring complete history files. CONTENT AREA: Work Programs TOPICS: Internal Audit, Purchasing & Accounts Payable October 31, 2000 Procurement/Accounts Payable Audit Work Program The purpose of this work program is to provide the general steps used to perform a procurement/accounts payable audit. This document provides detailed steps in the areas of selection and evaluation of vendors, adequate documentation and adherence to bid process, approvals for PRs/POs, approvals for payment, accurate & timely recording of liabilities, early payment discounts, and system access. CONTENT AREA: Work Programs TOPICS: Internal Audit, Purchasing & Accounts Payable October 31, 2000 Procurement/Accounts Payable Matrix Audit Work Program The purpose of this work program is to provide the general steps used to perform a procurement/accounts payable matrix audit. This document provides detailed steps in the areas of understanding expectation, understanding and analyzing the process, and payables. CONTENT AREA: Work Programs TOPICS: Best Practices, Internal Audit, Purchasing & Accounts Payable October 31, 2000 Purchasing Audit Work Program The purpose of this work program is to provide the general steps used to perform a purchasing audit. The detailed steps in this document provide an understanding of the purchasing process, how to create process maps, review departmental policies, and compare current practices to best practice. CONTENT AREA: Work Programs TOPICS: Internal Audit, Purchasing & Accounts Payable October 31, 2000 Purchasing, A/P, Travel and Entertainment Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of purchasing, A/P, travel and entertainment. This document provides detailed steps to review best practices, identify CAAT tests, and request system data for CAAT testing. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting, Purchasing & Accounts Payable, IT Audit October 31, 2000 Remote Site Audit Work Program The purpose of this work program is to provide the general steps used to perform a remote site audit. This document provides detailed objectives to determine compliance with certain corporate and local policies and procedures, evaluate overall effectiveness of the operating entity's key business functions, and identify internal control and process improvement opportunities. CONTENT AREA: Work Programs TOPICS: Cross Border & Non-US Issues, Internal Audit, Internal Controls October 31, 2000 Remote Site Audit Work Program (2) The purpose of this work program is to provide the general steps used to perform a remote site audit. This document provides audit steps associated with accounts payable, accounts receivable, payroll, treasury, and general accounting. CONTENT AREA: Work Programs TOPICS: Cross Border & Non-US Issues, Internal Audit, Internal Controls, Accounts Receivable, Cash & Treasury, Payroll, Purchasing & Accounts Payable October 31, 2000 Remote Site Visit - Detailed Audit Work Program The purpose of this work program is to provide the general steps used to perform a remote site visit. This document provides detailed objectives to ensure target audit areas are adequately controlled, to ensure proper segregation of duties in target audit areas, and to provide information related to internal control weaknesses as well as to comment on the overall efficiency of the processes. CONTENT AREA: Work Programs TOPICS: Cross Border & Non-US Issues, Internal Audit, Internal Controls October 31, 2000 Revenue Forecasting Audit Work Program The purpose of this work program is to provide the general steps used to perform a revenue forecasting audit. This document provides steps to review forecasting development/methodology and forecast execution. CONTENT AREA: Work Programs TOPICS: Internal Audit, Financial Reporting, Revenue October 31, 2000 Shipping and Receiving Audit Work Program The purpose of this work program is to provide the general steps used to perform a shipping and receiving audit. This document provides steps to audit processes such as handling back-orders, receipt of products and transfer of received goods, and the resolution of discrepancies/exceptions. CONTENT AREA: Work Programs TOPICS: Internal Audit, Supply Chain, Materials Management & Inventory October 31, 2000 Systems and Application Audit Work Program - Best Practices The purpose of this work program is to provide the general steps used to perform a systems and application audit. This document provides guidance on when and what to test within a system. Testing examples include systems designs, component integration, interfaces, and data conversion routines. CONTENT AREA: Work Programs TOPICS: Benchmarking, Best Practices, Technology, Internal Audit, IT Infrastructure October 31, 2000 Temporary Employee Management Audit Work Program The purpose of this work program is to provide the general steps used to perform an audit of temporary employee management. This document provides detailed objectives used to understand and evaluate the temporary employee management process, validate process performance measures and business controls, and identify opportunities for enhancement. CONTENT AREA: Work Programs TOPICS: Internal Audit, Internal Controls, Human Resources, Purchasing & Accounts Payable October 31, 2000 Travel & Expense Reimbursement Audit Work Program The purpose of this work program is to provide the general steps used to perform a travel and expense reimbursement audit. This document provides detailed objectives to evaluate the overall internal control environment resulting from the current processes, evaluate the effectiveness and efficiency of current processes, and perform detailed testing of selected expense reports. CONTENT AREA: Work Programs TOPICS: Internal Audit, Expense Reporting, Human Resources October 31, 2000 Wire Transfer and Investment Audit Work Program The purpose of this work program is to provide the general steps used to perform a travel and expense reimbursement audit. This document provides detailed objectives to determine that policies, practices, procedures and internal controls regarding funds transfers are adequate, ensure that employees involved in funds transfers are operating in compliance with established guidelines, and determine that adequate security is maintained over wire transfer operations and system administration, and many other objectives. CONTENT AREA: Work Programs TOPICS: Internal Audit, Security, Cash & Treasury, Financial Services Industry
|