Process Review, Walk through and Control Testing
For the purpose of identifying significant processes, the auditor may identify significant accounts and processes linked to significant accounts. They may carry out detailed understanding of process from inception of transaction to its final accounting. The banks normally have documented standard operating procedures (SOPs), hence auditor can peruse SOPs for understanding and documenting significant processes. During the process understanding, auditors may identify various control points in the process like reconciliation, maker checker, segregation of duties, etc. The auditors may carry out walk through of few transactions for validating process understanding and existence of indentified controls. Identified controls needs to be further segregated to manual controls and IT controls for testing of those controls for sample transactions. This sample needs to be selected randomly from total population of transactions as per the methodology.
In today’s scenario, most of the treasury functions of banks are performed in an automated environment (for example, trade booking, settlement and accounting). In such a situation, it becomes imperative for the auditors to test the general information technology controls and system application controls around the functioning of the systems involved and also the interfaces between various systems.
Some of the typical audit procedures include:
Identification of specific application controls based on process understanding and walkthroughs.
Perusal of IT application controls and document whether controls are effective and reliance can be placed on same.
Perusal of IT system audit report, Internal Control Guidance report and action taken thereon.
Based on out come of IT control testing, further audit strategy need to be formulated.