Use the following information to prepare an IT Planning Memo similar to the one in Appendix 1.

Appendix 1.

a. You are the IT audit senior (or IT auditor representative) assigned. Your audit firm has several branches, but you are working this particular client from the Melbourne, FL office. 

b. The IT audit will support the financial statement audit of Company XYZ, with a fiscal year ending on December 31, 20XX. c. Discussions with the financial audit Director regarding IT audit involvement have already taken place, and are documented in work paper (w/p) 1000.1. IT auditors have not been involved in previous audits for this client. 

d. Your team is composed of: IT Partner P, IT Manager M, and IT Audit Staff AS. You are the IT audit Senior S.

e. The audit timing includes: Planning will be performed during the sixth month of the year under audit; Interim audit procedures will take place during 2 months before the end of the fiscal year; Year-end procedures are scheduled for January through March of the year following the end of the fiscal year; and all work papers and audit documentation will be due by and signed off on April 30th of the year following the end of the fiscal year. 

f. The IT audit is estimated to take 100 hours. Hours will be charged to client code: Company XYZ-0000. 

g. An understanding of Company XYZ’s IT environment is documented in w/p 1540. 

h. The three relevant applications for the IT audit include are:

i. All Accounting Application (AAA)—used to capture and processing accountingrelated transactions. AAA is installed on a UNIX platform (or operating system), and uses Oracle database. AAA can be accessed via a Windows network. 

ii. Financial Document Generator Application (FDGA)—used to produce all types of financial reports and documentation. FDGA is installed on a Windows operating system, and uses Oracle as its database. FDGA is accessed via a Windows network. 

iii. Human Resources and Payroll Application (HRPA)—used to manage the company’s human resources and process payroll. This application is hosted outside of the company, at a third-party organization called HRP-For-All.

i. The relevant application controls used to mitigate risks in this audit are listed in Exhibit 3.5b (these must be added to the IT Planning Memo). Use w/p 1000.2 for reference purposes.

Exhibit 3.5b

j. Deviations or findings resulting from testing the relevant application controls will be documented in w/p 2302. 

k. There will be no work of others (e.g., Internal Audit personnel, etc.) used in the IT audit. 

l. Human resources and payroll services are performed by a third-party service organization called HRP-For-All, located in Austin, Texas. Deloitte, the service auditor, just finished issuing a report assessing the controls at the service organization for the period July 1, 20XX through June 30, 20XX. Controls at HRP-For-All were found to be effective. 

m. There are no other areas identified within Company XYZ that IT auditors can assist with.

Transcribed Image Text:

Date: To: From: Subject: [Date] The Financial Statement Audit File [IT Auditor Representative], [Office Location] IT Audit Planning