End User Computing Applications

End User Computing (EUC) Applications - Audit Program

This audit program has been designed to help audit, IT risk, compliance and security professionals assess the effectiveness of application and general information technology controls (ITGCs) over critical Excel spreadsheets, Access databases and other data analysis and reporting tools (known as End User Computing Applications (“EUC” or “EUCAs”), also known as User Developed Applications (“UDA”)).

A brief overview and description of some of the key features of this risk and control framework:

Contains a comprehensive listing of key risks and controls that leverage the latest best practices and auditing standards to help mitigate the risks associated with spreadsheet use to an acceptable level
Contains detailed testing procedures rather than generic description of the controls and the tests to be performed
Can be used to ascertain compliance with the Section 404 of the Sarbanes-Oxley Act (SOX)

Refer below for the table of contents. Also, view an excerpt from the audit program to ensure it's right for you.

Audit Programs

View Excerpt

Table of Contents:

The audit program contains 45 controls designed to determine whether end user computing applications relied on for critical information and business decisions are adequately controlled and whether they provide complete and accurate information:

Inventory Management

Controls and testing procedures to determine if the inventory of organization’s end user computing applications is appropriately managed to ensure it remains complete, accurate, and valid:

Procedures to create and maintain an inventory of the end user computing applications
Criticality and risk assessments

Operations

Backup and recovery
Controls to ensure organization’s end user computing applications are appropriately managed during storage:

Backups and retention of data
Error resolution procedures
Backup tapes management (storage, readability assessments, encryption).

Physical security
Controls and test steps to determine if facilities that house relevant information-processing and storage infrastructure supporting critical end user computing applications are appropriately managed:

Physical access restriction mechanisms
Physical access authorization, disablement and recertification procedures

Information Security

Security mechanisms
Controls and testing procedures to assess the effectiveness of the end user computing application security to protect against unauthorized modifications:

Password requirements
Security baselines
Patching procedures to prevent exploitation of known security vulnerabilities

Logical access controls
A set of controls and testing guidance to determine if access to critical end user computing applications is restricted to authorized individuals:

Access authorization, disablement and recertification procedures
Segregation of duties

Protection of confidential information
Audit procedures to evaluate information security techniques to prevent the disclosure of confidential information:

Information classification procedures
Access restriction to end user computing applications containing confidential information
Security of confidential data in transit
Security of confidential data in non-production environments

Change Management

Audit guidelines to determine if changes to critical end user computing applications are appropriately implemented:

Procedures to track changes to critical end user computing applications
Testing procedures
Approval of changes to critical end user computing applications
Version control procedures

Data Integrity

Audit procedures to assess data and processing validation process to ensure completeness, accuracy and validity of the inputs being made and outputs resulting from application processing activities.

Completeness and accuracy of the data inputs
Processing logic validation procedures
Completeness and accuracy of the data outputs

Please view an excerpt from the audit program to ensure it's right for you.

Price: $60.00 (Instant Download)