
Case Study: Financial and IT controls assurance

Abstract

An organisation required an assessment of the controls in place across their financial processes and general computing environments.

Challenge

We provided an organisation with Internal Audit services to give assurance over their financial and IT general controls. The review focused on the areas outlined below.

Approach

  • We assessed their internal financial and IT general controls.
  • We reviewed the assessment questionnaire completed by the organisation.
  • We conducted walk-through testing on the main financial transaction cycles to confirm our understanding of the financial controls as explained to us.
  • We produced a report which outlined any areas where improvements could be made.

Solution

  • A large number of ex-employees had access to the financial systems, which was subsequently removed.
  • The setting up of supplier accounts (including amendments to master files) was not recorded on a standard pre-numbered form and did not require authorisation by a second person in line with best practice.
  • Employees who claimed mileage expenses did not submit car insurance certificates annually to the Administration Manager in support of the indemnity.
  • We identified several IT general control deficiencies:
    • Passwords were not changed at regular intervals.
    • Security logs were not maintained to identify unauthorised access.
    • A comprehensive security policy was not in place.
    • Reliance on the IT service provider was excessive.
    • A strategic plan for the development of IT Systems was not in place.
    • The Payroll system had no password in place to restrict access.
    • The Inventory System had a password which was the user’s first name.
    • The organisation did not have a formally appointed individual with specific responsibilities for Secretarial and governance matters.
    • We noted that a formal schedule of matters reserved for Board decision was not in place.
    • A fixed asset register was not in place to enable comparisons between the general ledger and an independently prepared register.

 

Material on this website is © 2013 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.
