Segregation of Duties between:
- Authorization
- Custody of Assets
- Recording
- Control Activity

This template also can be used as supporting documents for Sarbanes Oxley (SOX) Compliances
Download Microsoft Excel 2007 xlsx
Download Microsoft Excel 2003 xls

1. Incorporation/Partnership Documents
2. Financial Documents
3. Financing Documents
4. Process for Handling Customer Contracts
5. Process for Handling Vendor/Supplies Contracts
6. Legal Terms and Condition
- Standard Forms
- Service Levels
- Third-Party Performance/Warranties

7. Systems Security
- Disclaimers
- Passwords
- Electronic Signatures
- Encryption

8. Data Security
9. Insurance
10. Employee Issues
- Nondisclosure
- Employment Contracts

11. Public Communications
12. Alliances/Joint Ventures
13. Nondisclosures
14. Contractor Agreements
15. Business Continuity

Download

Download

2. Loss of confidentiality of sensitive information. Sensitive information may be accidentally or deliberately divulged on the network or in the mailbox storage system to unauthorized parties including competitors.

3. Increased exposure to fraud. Access to computer systems may provide an increased opportunity to change the computer records of both a single organization and that of its trading partners by sta. of the trading parties or by third-party network

4. Manipulation of payment. A situation where amounts charged by or paid to suppliers are not reviewed before transmission. A erefore, there is a risk that payments could be made for goods not received, payment amounts could be excessive, or duplicate payment could occur.

5. Loss of transactions. Transactions could be lost as a result of processing disruptions at thirdparty network sites or en route to the recipient organization, which could cause losses to the organization and inaccurate financial reporting.

6. Errors in information and communication systems. Errors in the processing and communications systems, such as incorrect message repair, can result in the transmission of incorrect trading information or inaccurate reporting to management.

7. Loss of audit trail. EDI eliminates the need for hard copy.

8. Concentration of control. A ere will be increased reliance on computer controls where they replace manual controls, and they may not be suficiently timely.

9. Application failure. Application or EDI component failures could have a significant negative impact on partner organizations within the respective business cycles

10. Potential legal liability. A situation where liability is not clearly de. ned in trading partner agreements, legal liability may arise due to errors outside the control of an organization or by its own employees. A ere is still considerable uncertainty about the legal status of EDI documents or the inability to enforce contracts in unforeseen circumstances.

11. Overcharging by third-party service providers. Third-party suppliers may accidentally or deliberately overcharge an organization that is using their services.

12. Manipulation of organization. An information available to the proprietors of third-party networks may enable them or competitors to take unfair advantage of an organization.

13. Not achieving anticipated cost savings. Happens where the anticipated cost savings from the investment in EDI are not realized for some reason by an organization.

source: IT Control & Audit, Sandra Senft

Sample Details
- What is being tested?
- What is the population? (List the entire population or reference where the population source.)
- How many items tested?
- How were items chosen?

Description of Validation Performed
Test procedures should only include steps that are actually performed in testing the control description from above.

Validation Results/Findings
The test results should answer the test procedures. The results should reference appropriate supporting documentation.
The exceptions should be listed out individually (with reference information) under the test result steps.
Please reference appropriate supporting documentation where exceptions have been found.

Download

2. Task delegation. Once assigned by the project manager, tasks may be delegated from team leaders to team members or from peer to peer. A e delegation feature can also be disabled if desired.

3. View nonworking time. Team members can report nonworking time to the project manager, such as vacation or sick leave, and also report work time that cannot be devoted to the project.

4. Database performance. Gets improved performance and access to data with changes to the Microsoft Project database.

5. Network diagram. Customizes network diagrams with new . ltering and layout options, increased formatting features, and enhanced box styles (formerly, the PERT chart).

IT Control and Audit Sandra Senft with some modification

Auditors are required to maintain “all audit or review work papers” for five years.

A statute of limitations on securities fraud claims is extended to five years from the fraud and two years after the fraud was discovered, from three years and one year, respectively.

Employees of issuers and accounting firms are extended “whistleblower protection” that would prohibit the employer from taking certain actions against employees who lawfully disclose private employer information to, among others, parties in a judicial proceeding involving a fraud claim. Whistleblowers are also granted a remedy of special damages and attorney’s fees.

Penalties and Requirements under Title IX of the Act
Maximum penalty for mail and wire fraud increased from five to ten years.

A CEO and CFO must certify financial statements filed with the SEC. A certification must state that the financial statements and disclosures fully comply with the provisions of the Securities Exchange Act and that they fairly present, in all material respects, the operations and . nancial condition of the issuer. Maximum penalties for willful and knowing violations of this section are a . ne of not more than $5 million and imprisonment of up to 20 years.

IT Control & Audit, Sandra Senft, Frederick Gallegos 2008