Data Processing Function Audit Program
DATA PROCESSING CENTER - ORGANIZATIONAL RESPONSIBILITIES AUDIT
AUDIT PROGRAM OVERVIEW
The data processing function should be sufficiently important
in the organizational hierarchy to enable it to meet established
overall objectives and to promote independence from user departments.
Major working units within each data processing function should
be adequately described with their responsibilities delineated
and documented. Adequate separation of duties within each function
should be provided, or, where not feasible, compensating controls
should be practiced.
Suggested interviewees for ICQ:
A. Director of Data Processing
A. Control Objective #1 - Separation of Duties Between Data
Processing and the User Departments
- Review the location of data processing department within the
University's hierarchy, and assess its suitability in terms of
independence from user departments.
- Review the data control activities performed by data processing
and users. Determine if data processing is only controlling the
processing of data and that users exercise proper control over
original submission, verification, validation, and error correction.
B. Control Objective #2 - Separation of Duties Within Data
- Review documentation to determine that responsibilities assigned
to each major organizational unit are adequately described.
- Interview data processing personnel and observe data processing
activities to confirm that the separation of duties is being followed.
C. Control Objective #3 - Planning for Data Processing Resources
- Determine if the steering committee is at a high enough level
to be independent from Data Processing and which is able to allocate
resources to best achieve the goals of the whole organization.
- Review the policy that establishes the steering committee
and defines its goals and responsibilities. Review documentation
to provide evidence that the steering committee is operating as
it was designed. Determine if the method for allocating resources
is fair and reasonable.