2. Your audit team has completed the testing of certain ITGCs. The results are reported in the table below. What is the implication for the financial statement audit? Implication for the financial statement audit Results of test work ITGC performed Access rights no longer needed The login credentials were by users who are leaving the still active for an accounts entity's employ or who have payable clerk who left the changed job responsibilities are company in September ended timely based on A cash receipts clerk notification from HR or the transferred to the accounts user's supervisor or manager. receivable department. The clerk still has access rights to the cash receipts application. Access rights are verified No review of the access periodically by appropriate rights has been performed management personnel. this year. Changes to programs, The warehouse manager including configurations, requested that the inventory interfaces and reports, made application update the by developers are logged and location field in the compared with the requests inventory database in real and approvals for those time, rather than being changes by individuals without batch processed at the end the access to make such of each day. The change changes. request was approved. There was no documentation indicating that the change was made by developers. The 2 Internal controls ITGCs Part 4: Audit response to ineffective ITGCs - exercises 2021 Ernst & Young Foundation (US). All Rights Reserved. SCORE no. 13206-211US_26 Implication for the financial statement audit Results of test work ITGC performed warehouse manager states that the change was made. Default passwords to delivered The client purchased a fixed system IDs that affect key asset program from a security settings, including reputable vendor. Upon passwords or the IT application testing, the vendor's default and its data, have been administrative passwords changed or the related were not changed. accounts have been disabled. Direct data changes follow a The client's CFO directed process that includes approval the database manager to by an appropriate person other increase a recorded than the requester and the pre- revenue transaction implementation testing or post- recorded in the general implementation verification of ledger from $125,000 to the accuracy of the change. $135,000. There is no documentation indicating that the change was approved or reviewed by a person other than the requester. IT personnel monitor the An incomplete interface and execution of the job schedule data transfer between the and take actions appropriate cash receipts journal and for the issues that arise. the general ledger occurred on August 15. Consequently, the cash and accounts receivable general ledger balances were not accurately updated. The controller found the discrepancy while performing a review on September 1, in preparation for preparing monthly financial statements. IT personnel traced the problem to a hardware 3 Internal controls ITGCs Part 4: Audit response to ineffective ITGCs - exercises 2021 Ernst & Young Foundation (US). All Rights Reserved. SCORE no. 13206-211US_26 Implication for the financial statement audit ITGC The programs in the test environment (including tools to move the programs into the test environment) are accessible only by a limited number of authorized appropriate people who don't have development responsibilities. Results of test work performed malfunction and corrected the issue. Due to a widespread illness, several personnel assigned to the program test environment were on extended sick leave during April. Consequently, the client had a backlog of changed, but untested, programs. Management approved temporarily using developers to help test programs and clear the backlog. The test environment manager made sure that developers did not test programs they worked on in the development phase. The test environment manager took extra care to oversee and verify the testing results of the developers. Internal controls ITGCs Part 4: Audit response to ineffective ITGCs - exercises 4 2021 Ernst & Young Foundation (IISU All Richts Reserved 2. Your audit team has completed the testing of certain ITGCs. The results are reported in the table below. What is the implication for the financial statement audit? Implication for the financial statement audit Results of test work ITGC performed Access rights no longer needed The login credentials were by users who are leaving the still active for an accounts entity's employ or who have payable clerk who left the changed job responsibilities are company in September ended timely based on A cash receipts clerk notification from HR or the transferred to the accounts user's supervisor or manager. receivable department. The clerk still has access rights to the cash receipts application. Access rights are verified No review of the access periodically by appropriate rights has been performed management personnel. this year. Changes to programs, The warehouse manager including configurations, requested that the inventory interfaces and reports, made application update the by developers are logged and location field in the compared with the requests inventory database in real and approvals for those time, rather than being changes by individuals without batch processed at the end the access to make such of each day. The change changes. request was approved. There was no documentation indicating that the change was made by developers. The 2 Internal controls ITGCs Part 4: Audit response to ineffective ITGCs - exercises 2021 Ernst & Young Foundation (US). All Rights Reserved. SCORE no. 13206-211US_26 Implication for the financial statement audit Results of test work ITGC performed warehouse manager states that the change was made. Default passwords to delivered The client purchased a fixed system IDs that affect key asset program from a security settings, including reputable vendor. Upon passwords or the IT application testing, the vendor's default and its data, have been administrative passwords changed or the related were not changed. accounts have been disabled. Direct data changes follow a The client's CFO directed process that includes approval the database manager to by an appropriate person other increase a recorded than the requester and the pre- revenue transaction implementation testing or post- recorded in the general implementation verification of ledger from $125,000 to the accuracy of the change. $135,000. There is no documentation indicating that the change was approved or reviewed by a person other than the requester. IT personnel monitor the An incomplete interface and execution of the job schedule data transfer between the and take actions appropriate cash receipts journal and for the issues that arise. the general ledger occurred on August 15. Consequently, the cash and accounts receivable general ledger balances were not accurately updated. The controller found the discrepancy while performing a review on September 1, in preparation for preparing monthly financial statements. IT personnel traced the problem to a hardware 3 Internal controls ITGCs Part 4: Audit response to ineffective ITGCs - exercises 2021 Ernst & Young Foundation (US). All Rights Reserved. SCORE no. 13206-211US_26 Implication for the financial statement audit ITGC The programs in the test environment (including tools to move the programs into the test environment) are accessible only by a limited number of authorized appropriate people who don't have development responsibilities. Results of test work performed malfunction and corrected the issue. Due to a widespread illness, several personnel assigned to the program test environment were on extended sick leave during April. Consequently, the client had a backlog of changed, but untested, programs. Management approved temporarily using developers to help test programs and clear the backlog. The test environment manager made sure that developers did not test programs they worked on in the development phase. The test environment manager took extra care to oversee and verify the testing results of the developers. Internal controls ITGCs Part 4: Audit response to ineffective ITGCs - exercises 4 2021 Ernst & Young Foundation (IISU All Richts Reserved