IT General Controls Risk Assessment Report Essay

1530 Words Jan 30th, 2014 7 Pages
IT General Controls Risk Assessment Report
Foods Fantastic Company

In accordance with our IT audit plan, the Foods Fantastic Company (FFC) Audit Team has performed an ITGC review of the 5 critical ITGC areas and in-scope applications so as to enable the audit team to follow a controls-based audit approach and be able to rely on the IT controls in place at FFC. FFC is a publicly traded, regional grocery store located in the mid-Atlantic region which relies on many state-of-the-art IT systems and software and which are all managed in-house.

We hope to gain comfort that FFC’s systems, IT practices, and risk management procedures are working properly and are operationally effective within a
…show more content…
A steering committee comprised of personnel from internal audit, information systems, and the finance department are involved in developing the policies of and reviewing the operations of the IT department. This cross-departmental committee helps align the goals of the IT department and the firm as a whole, and helps establish segregation of duties at the manager level so as to establish a culture of openness. Taking this idea of establishing segregation of duties at the managerial level, we find comfort in the fact that the Chief Information Officer (CIO) reviews the logs of the VP, Applications. It is also worthy to note that the IT department has 4 executives that are responsible for different areas of the department and which the CIO is ultimately responsible for reviewing. Although the CIO manages the IT department as a whole, there are 3 levels of management, as the CIO reports to the Chief Financial Officer (CFO) and thus mitigates the risk that oversights or fraudulent activities will be missed. IT Management is a very important area as this helps dictate the tone of the department and helps establish the policies that are in place, but through our review of this ITGC area, we find little risk associated with IT Management and have found evidence that the audit team can rely on the controls put in place.
We have also assessed Systems Development to be
Open Document