Examine source program changes without information from IS personnel.
Detect a source program change made between acquiring a copy of the source and the comparison run.
Confirm that the control copy is the current version of the production program.
Ensure that all changes made in the current source copy are detected.
Plan substantive testing.
Comply with auditing standards.
Understand the business process
Identify control weakness.
Comply with regulatory requirements.
Provide a basis for drawing reasonable conclusions
Ensure complete audit coverage.
Perform the audit according to the defined scope
Include the statement of management in the audit report.
Reconfirm with management the usage of the software.
Discuss the issue with senior management since reporting this could have a negative impact on the organisation.
Identify whether such software is, indeed, being used by the organisation.
Conclude that the controls are inadequate.
Expand the scope to include substantive testing.
Suspend the audit
Place greater reliance on previous audits.
Audit trail of the versioning of the work papers.
Approval of the audit phases.
Access rights to the work papers.
Confidentiality of the work papers.
It uses actual master files or dummies, and the IS auditor does not have to review the source of the transaction.
Periodic testing does not require separate test processes.
It validates application systems and tests the ongoing operation of the system.
The need to prepare test data is eliminated.
Review data file access records to test the librarian function.
Compare utilization records to operations schedules.
Interview programmers about the procedures currently being followed.
Evaluate the record retention plans for off-premises storage.