Laserfiche WebLink
Commitment to Quality Service <br /> Audit Approach <br /> Information Systems Audit Procedures <br /> Michael Lockwood, our firm ' s Director of Information Technology, will perform the review of the <br /> County ' s information systems environment. Mike performs such reviews for clients throughout our firm, <br /> particularly county and city governments . With Mike , the County will have the assurance of direct <br /> review by a senior level individual with 19 years of experience directly related to information systems . <br /> Further, his presence will provide continuity from year to year and insight to the industry' s best practices . <br /> Mike will assess the effect of systems processing on the County ' s business and the reliability of systems <br /> processing. He will focus on providing constructive service comments intended to improve the quality of <br /> information and systems controls . The results of this assessment will be integrated into our audit <br /> approach to improve audit efficiency and to further define the manner in which we address identified risk <br /> factors . <br /> Examples of computer controls that will be reviewed for each system include the following: <br /> • Information Security. The information security function is responsible for the administration <br /> and maintenance of a client ' s information security program, including both physical and logical <br /> security. The primary goal of such a program is to ensure that access to programs, data, on-line <br /> transactions, and other computing resources is restricted to authorized users . Our review of general <br /> computer controls in the information security area will include an appropriate consideration of the <br /> level of security that is adequate for a particular processing environment and the availability of <br /> access control mechanisms in that environment. <br /> • Systems Acquisition, Development, and Maintenance. Systems development personnel are <br /> responsible for the selection and/or design, programming, and maintenance of the application <br /> systems processed to meet the needs of the various users . Our audit procedures are designed to <br /> ensure that application programs are designed, implemented, and maintained according to <br /> management ' s intentions and in accordance with industry accepted practices . <br /> • Computer Operations . The computer operations department is responsible for the day-to -day <br /> processing activities of the systems, ensuring that jobs are scheduled and processed in accordance <br /> with established routines . It is also responsible for the physical control of data stored on portable <br /> media and timely, accurate distribution of reports to users . Our review will be to test that these <br /> control procedures were effective throughout the review year. <br /> Determining Laws and Regulations <br /> Our compliance audit procedures will be designed to identify and test those transactions and activities that <br /> are likely to have a financial impact on the County ' s basic financial statements and to determine whether <br /> they were carried out in accordance with the provisions of laws, rules , contracts, and grantor guidelines . <br /> Our reports will note instances of noncompliance that could have a material effect on the County ' s <br /> financial statements . <br /> The nature and extent of our compliance tests are derived from the following: <br /> • Results of our analysis of internal control over compliance matters . <br /> • Review of bond documents . <br /> • Review of federal OMB Circulars, Compliance Supplement, and other pronouncements . <br /> • Correspondence with federal and state agencies . <br /> • Review of County agreements . <br /> • Review of County internal policies . <br /> 37 <br />