What duties should be segregated in an IT department?
The nature and roles of each individual in an IT department will vary, so it’s important to understand the specific role each IT person has in the broader IT function.
At a very high level, roles and access should be outlined clearly so that an individual does not have the ability to implement a system change without proper supervision.
You might also be interested in...
What is detection risk?
Detection risk is the risk that the auditor will not detect a material misstatement that exists in a relevant assertion. Unlike inherent and control risks, detection risk is will not exist independently of the audit. Therefore, the assessed level of detection risk (amount of work the auditor will need to do) will be determined based […]
If the risk of material misstatement is high, should I perform more or less substantive testing?
If the risk of material misstatement is high, that means that inherent risk is high and that control risk is also high. When that is the case, in order to reduce overall audit risk, more effective substantive testing procedures should be performed. To perform more effective substantive procedures, the audit team should consider what type […]
What is control risk?
Control risk is the risk that a material misstatement that could occur in a relevant assertion will not be prevented or detected on a timely basis by the company’s internal controls.