參考說明分析complex system self assessment checklist

byJackyWKLionInvolvementofRiskandControlAssurance/RiskAssurance(RCA/RA)isencouragedinanyaudittohelpidentifyandconsiderrisksposedbytheentity'suseofinformationtechnologyintheauditnandtoassist,asneeded,intheunderstandingandevaluationofinternalcontrolsrelevanttotheaudit.WhilethenatureandextentofRCA/RA'sinvolvementvariesbyengagement,innninganauditthatincludestheinvolvementofRCA/RAspecialists,theengagementleaderandtheengagementRCA/RAleaderagreeon,amongstotherthings,thetestingnandresourceallocationforassessingITgeneralcontrols,automatedcontrolsandautomatedaccountingproceduresandsystemgenerateddataandreports.Thenature,timingandextentofRCA/RA nel’sinvolvementmaydependonanumberoffactors,includingthecomplexityofa ’sinformationsystemsandcontrols.Toassistwiththeengagementteam'sassessmentofwhetherasystemiscomplexornot,anoverallauditengagementcategorisationexerciseshouldbeconductedatleastannually.Thisformwillassistyoutodothiswiththeexceptionofnon-PIEengagementwhereaFULLYsubstantiveauditisbeingundertakeninwhichcasenocategorisationisrequired.Ingeneral,thecomplexityofasystemdependsontheextentandtypeofcomputerprocessing.ThedecisiononwhetherornotthesystemiscomplexismadejointlybytheengagementRCA/RAleaderandtheengagementleader.Ordinarily,complexsystemsarethosethatprocesstransactionsorperformcalculationsthatareeitherimpossibleorimpracticabletoreperformmanually.Indicatorsofacomplexsysteminclude: However,circumstancescanchangerapidlyatour sandtheengagementleadershouldconsultwithRCA/RApartner/directorifinanydoubt.Itisexpectedthatthisquestionnairewillbecompletedbycoreassuranceteams,withprovidedbyRCA/RA.AdditionalguidanceisprovidedasanappendixtothisForthoseauditengagementsforwhichacategorisationhasnotpreviouslybeencompletedengagementleadersshouldcompletetheselfassessmentquestionnaires(withtheexceptionofnon-PIEengagementswhereaFULLYsubstantiveauditisbeingundertakeninwhichcasenocategorisationisrequired).Insubsequentyears,inordertoassesstheappropriatenessofapplyingtheexistingcategorisation,anannualself-reassessmentprocessisrequiredforeachengagementwherebytheengagementleaderisrequiredtoconfirmwhethertheyaresatisfiedwiththepreviouslydeterminedcategorisationorwhether,duetosignificantchangesinthe'sITsystemsand/orcontrolenvironmentorchangestothe 'sbusiness(seebelowA2note),achangeincategorisationisnecessary.鼓鼓鼓鼓鼓鼓鼓鼓鼓鼓鼓鼓鼓/鼓鼓鼓鼓鼓風(fēng)（RCA/RA）在在在在在在在在在在在，以在鼓以在在在劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃劃在鼓鼓，并并并并并并劃鼓并劃并并在在在并并在鼓鼓鼓鼓。雖雖RCA/A在在參參在在在參參劃參參參劃參參，但在鼓但在在在劃劃（其在其其RCA/RA專專在在在），在在項(xiàng)項(xiàng)項(xiàng)劃RCA/RA項(xiàng)項(xiàng)并并在以負(fù)負(fù)負(fù)負(fù)負(fù)負(fù)負(fù)，其其在劃劃劃劃負(fù)般鼓鼓、自自鼓鼓、自自自在參自以鼓自自在自并劃自自自自并并劃在自自自自。RCA/RA項(xiàng)人在在在在參參、劃時(shí)劃參參時(shí)時(shí)負(fù)時(shí)時(shí)時(shí)時(shí)劃時(shí)，其其劃劃劃鼓鼓在參參。為劃劃在在為并并為為，應(yīng)應(yīng)應(yīng)參應(yīng)自自負(fù)應(yīng)應(yīng)應(yīng)在在在在自應(yīng)。此此時(shí)劃劃在在為此自此在成成,（應(yīng)此應(yīng)應(yīng)劃應(yīng)參參在在在應(yīng)應(yīng)應(yīng)應(yīng)應(yīng)應(yīng)應(yīng)在在應(yīng)應(yīng)，此應(yīng)在在在參并此自自應(yīng)）負(fù)般一一負(fù)，負(fù)參為為負(fù)時(shí)時(shí)在一一一鼓在參參劃應(yīng)一。為為應(yīng)系在在在在在RCA/RA項(xiàng)項(xiàng)項(xiàng)劃在在項(xiàng)項(xiàng)參時(shí)但。通通一一負(fù)， 一鼓在復(fù)復(fù)復(fù)復(fù)自在復(fù)一復(fù)復(fù)系項(xiàng)成復(fù)復(fù)復(fù)自復(fù)復(fù)復(fù)復(fù)自參時(shí)自。負(fù)參在其一以負(fù)一一：其一在自自包在一（如如如在在一）一鼓企處復(fù)復(fù)在（例如，銀自劃銀銀劃鼓為為為應(yīng)應(yīng)（例如，跨跨復(fù)為）一鼓劃在劃劃劃劃復(fù)復(fù)（例如例例一、例但為，在一一時(shí)時(shí)客客企客，在在項(xiàng)項(xiàng)項(xiàng)如參在在項(xiàng)項(xiàng)應(yīng)項(xiàng)RCA/A合合項(xiàng)/總總自自總總。這這項(xiàng)這應(yīng)在RCA/A在劃劃負(fù)，系由由在在由由此自。此項(xiàng)這此此供供此此例在此此。包時(shí)對對系對對尚此自自應(yīng)在在在在在，在在項(xiàng)項(xiàng)項(xiàng)應(yīng)此自自項(xiàng)并并項(xiàng)這（應(yīng)此應(yīng)應(yīng)劃應(yīng)參參在在在應(yīng)應(yīng)應(yīng)應(yīng)應(yīng)應(yīng)應(yīng)在在應(yīng)應(yīng)，此應(yīng)在在在參并此自自成成自應(yīng)）。在此在在時(shí)時(shí)應(yīng)在，為并并為參自應(yīng)在為為參，參參在在每并并自自應(yīng)參自項(xiàng)復(fù)復(fù)并并。在復(fù)復(fù)并并在，在在項(xiàng)項(xiàng)項(xiàng)項(xiàng)項(xiàng)但其為為項(xiàng)時(shí)以對項(xiàng)但在自應(yīng)，復(fù)系時(shí)在劃劃劃劃劃/復(fù)鼓鼓或或復(fù)劃鼓（見A2注并）企自發(fā)發(fā)企客，為為參是并包自應(yīng)成是企企。例地：Entity:應(yīng)應(yīng)：SWEETT)在在項(xiàng)SWEETT)LIMITED-2014Auditfortheperiod劃在在在所時(shí)在所所所所*例自劃：Division/鼓風(fēng)/為Expecteddateforkick-off預(yù)在在在預(yù)自自預(yù)預(yù)企所Expectedstartof預(yù)在應(yīng)預(yù)成成在在審審所所Charge在在項(xiàng)在在項(xiàng)項(xiàng)項(xiàng)MabelManagerIn在在為JackyRCA/RARCA/RAJackyKennyLCA1A1Hasacomplexsystemquestionnairebeencompletedforthisengagementinthisdatabaseinthepast? PartAGeneralQuestionA鼓自–負(fù)般項(xiàng)一A2Whereaninitialself-assessmentquestionswascompletedforthisengagementinthepast,theengagementleaderisrequiredtoconfirmthathe/sheissatisfiedthattheexistingappliedcategorisationiscorrectgivingconsiderationtoanychangesinthe ’sITsystemsand/orcontrolenvironmentsorchangestothe ’sbusiness(seenotebelow).Wheresignificantchangesareidentified,theteamshouldcontinuetocompletePartB&Cagainandrevisitthecategorisation上，項(xiàng)項(xiàng)為參自應(yīng)在確項(xiàng)參（見負(fù)見注見）。如企為此復(fù)企客此，在在為應(yīng)組組此自B&C鼓自，并供應(yīng)項(xiàng)項(xiàng)并應(yīng)自應(yīng)在確項(xiàng)參。Note注-InansweringA2,engagementteamshouldconsiderthefollowingexamplesthatmayindicatethatIsthereanychangeinthe ’sITsystemand/orcontrolenvironments?Exampleswouldinclude:-ThereisanewlyimplementedorrevisedITsystemwhichisrelatedtofinancialreporting;Thereismoveofdatacentrewithinoroutside Establishmentofnewchannelsorsharedservice/outsourcingtypearrangements;Isthereanychangetothe ’sbusinessoperationswhichmayaffectcategorisation?Exampleswould Anychangesinregulatoryrequirementswhichmayimpactthe’soperationorreportingAnymerger&acquisitionsordisposals;Anychangesinlistingstatus;在在在A2劃，在在為應(yīng)劃劃以負(fù)時(shí)時(shí)此項(xiàng)并自自復(fù)復(fù)自在劃劃劃劃劃/復(fù)鼓鼓或或?yàn)闉槠笞源嗽谠诳痛耍坷纾?復(fù)應(yīng)劃此復(fù)企企此在在新鼓自自并并在劃劃劃劃；自并在由在鼓鼓數(shù)數(shù)復(fù)數(shù)數(shù)數(shù)應(yīng)鼓；等在為為客自為為企自此時(shí)時(shí)客客自應(yīng)在客此自在客客企自總鼓并此企自在客此時(shí)時(shí)客客在復(fù)為復(fù)自自并此；PartPartBInitialSelf-AssessmentB鼓自–如預(yù)自項(xiàng)并并B1Systems AreITsystemsusedtosupportanyofthebusinessareascoveredour為為劃劃在在劃劃劃劃是是是是在項(xiàng)是在在在在在在劃鼓是是？GuidanceforQuestionWhileallareasofa ’sfinancialoperationsarepotentiallyincludedinthescopeofanannualfinancialstatementorintegratedaudit,thereareusuallykeybusinesscycles/areasthatarecriticalauditareasforus,forexample,financialreporting,revenueandreceivableandpurchasesandpayables,etc.AuditGuide5034requiresustomapourFinancialStatementLineItems(FSLIs)tobusinessprocessesandmanagementunits,ITapplicationsandthesignificantsub-processes/transactionsrelevanttofinancialreportingwherethereisnnedrelianceonthemanagementIftheanswertothisquestionisyes,prepareaFSLImaptothekeyITsystemsandkeybusinessprocessestheysupportandincludeacopyofthisinthe“UnderstandandevaluatethedesignandimplementationofITGCs”EGAoftheAurafile. shouldbeusedifassistanceisrequiredinunderstandingthekeyITsystemandbusinessprocesses.盡管一個(gè)年度審計(jì)（財(cái)務(wù)報(bào)表或整合審計(jì)）的范圍可能涵蓋客戶所有的財(cái)務(wù)運(yùn)營領(lǐng)域，但通常那些關(guān)鍵環(huán)節(jié)/領(lǐng)域才是對我們審計(jì)具有重要影響的領(lǐng)域，例如，財(cái)務(wù)報(bào)告、收入和應(yīng)收、采購和應(yīng)付等領(lǐng)域。根據(jù)審計(jì)指南5034的要求，對于擬信賴的管理層信息，項(xiàng)目組應(yīng)將財(cái)務(wù)報(bào)表項(xiàng)目如果對這個(gè)問題的回答是“是”，請編制一份財(cái)務(wù)報(bào)表項(xiàng)目與關(guān)鍵信息技術(shù)系統(tǒng)及其支撐的關(guān)鍵業(yè)務(wù)流程之間的對應(yīng)表，并將該對應(yīng)表附件加入Aua文檔的“了解和評估一般控制的設(shè)計(jì)和應(yīng)用”步驟中。如果需要協(xié)助以了解重要的信息系統(tǒng)和業(yè)務(wù)流程，那么就應(yīng)讓RA/A小組參與。1.21.2Doanyofsystemsnotedin1.1aboveinvolvecomplex 為為中 在自自包在一GuidanceforQuestionA’ssystemsmayinvolveautomatedcomplexcalculations,calculationofinsurancecalculationofinterestcalculationofstockcostsusingweightedaveragevaluationcalculationofcostprovisionsbasedoncomplexSubquestion(s)forHoweasilycantheauditorverifythesecalculations客戶系統(tǒng)可能會涉及復(fù)雜的自動化計(jì)算，例如使用平均估值法對存貨成本的計(jì)算按多重定價(jià)/關(guān)稅方案進(jìn)行的計(jì)算1.31.3Isrelyingonoldertechnologythatisnosupportedby 為為客客供應(yīng)供參供供供供供為為客客供應(yīng)供參供供供供供/GuidanceforQuestionTechnologychangesallthetimeandmustbecontinuouslyandsupportedifitistoremainIfthesystemisnotastandardofftheshelvepackage,isthereacurrentservicecontractorservicelevelagreementbetweentheandvendor?Howarethekeyapplicationsystemsmaintained?Hasitbeenmorethan5yearssincethelastmajorupgrade?技術(shù)無時(shí)無刻不在變化著。因此，需要對其進(jìn)行持續(xù)地開發(fā)和，才能確保與時(shí)俱進(jìn)。如果系統(tǒng)并非標(biāo)準(zhǔn)的現(xiàn)成程序包，公司與供應(yīng)商之間是否簽訂了服務(wù)合同或服務(wù)水準(zhǔn)協(xié)議？主要應(yīng)用系統(tǒng)的情況怎樣？是否已有五年以上未進(jìn)行重大升級？1.41.4Is GuidanceforQuestionthatarechangingthewayoursconducttheirbusiness.Inthefuturewemayhavemachine-to-machinenetworks,cloudapplicationusfromnewsecurityconcerns.SomeofoursareattheDoes conductbusinessviatheIsthe differentiatingthemselvesfromtheircompetitorsbyusinglatesttechnologye.g.cloudservicesandapps?Is Bga、Socal和loudcomputing（云計(jì)算）代表了目前影響客戶經(jīng)營方式的趨勢。我們在未來可能會擁有物聯(lián)網(wǎng)、云端應(yīng)用網(wǎng)、信息分析與新ID和信用模型以抵御新的安全。我們的一部分客戶已經(jīng)開始嘗試這些新科技的變化，而其他客戶仍在觀望。 1.51.5Areshelf 在并客為鼓鼓企企對為為此供企企企在在通劃企企GuidanceforQuestion ’sbusinessprocesseswereonceorganizedaroundacompaniesusecustomizedsystemswhichfittheirparticularbusinessmodelsandorganizationstructures,whichtheybelievegivethemthemostcompetitiveadvantage.Thesesystemsneedtobecontinuouslydevelopedandmaintained.greatertheeffortrequiredbythe todevelopandmaintainit.Doesthe haveadedicatedITteamtodevelopandsupportthesystem?以前，公司采用普遍通用的統(tǒng)一現(xiàn)成來管理業(yè)務(wù)流程。而如今，很多公司采用適合自身特有業(yè)務(wù)模型和組織結(jié)構(gòu)的定制系統(tǒng)，并認(rèn)為這樣的系統(tǒng)能為自身帶來最大的競爭優(yōu)勢。這些系統(tǒng)需要持續(xù)的開發(fā)和。通常來說，系統(tǒng)的定制程度越高，公司研發(fā)和系統(tǒng)的程度就要越高。 1.6Isthe usingcomplexapplication(s)inEnterprise 為為劃劃劃劃自自企劃(ERP) GuidanceforQuestionERPsystemsaredesignedtobeintegratedacrossa managersandownershaveaccesstothedatatheyneedwhentheyneedit.Doesthesystemsupportbusinessprocessesonentirebusiness;covermultiplebusinessprocessesandIsthesystemmulti-functional(i.e.ittracksfinancialamounts,material,people,goodsandresources)?Isthesystemafullyintegrated,fullservicesuiteofsoftwarecoveringmultiplebusinessapplications?ERPsystemsareusuallymodularandsomeorallofthefunctionalitycanbeusedandimplemented.ExamplesofERPsystems:SAP,Oracle,PeopleSoft,JDEdwards.系統(tǒng)是否在企業(yè)層面為業(yè)務(wù)流程提供支持（例如對整體業(yè)務(wù)進(jìn)行規(guī)劃、管理和處理；涵蓋多個(gè)業(yè)務(wù)流程和地點(diǎn)）？系統(tǒng)是否具有多重功能（即對財(cái)務(wù)金額、材料、人員、商品和資源進(jìn)行追蹤）？系統(tǒng)是否為涵蓋多個(gè)商業(yè)應(yīng)用程序的完全集成的全方位服務(wù)軟件套件？企業(yè)資源計(jì)劃系統(tǒng)通常具有模塊化的特點(diǎn)，且其部分或全部功能均能被使用和實(shí)施。ERP系統(tǒng)包括：A,Oacle,eopleof,Ddwads。系時(shí)為為系在企 包系負(fù) GuidanceforQuestionManyofoursuseautomatedinterfacesbetweentheiroperational,financialandreportingsystemstopromoteefficiencyandbetteraccuracyofdatatransfer.Subquestion(s)forIfthehasseveralapplicationsystems,isthereanyneedtotransferinformation/databetweenthesystems?Isthisinformationmorethanjustsimpletransactionaldataorpostingstothefinancialreportingsystemse.g.operationaldata,multiplesourcesanddatastreams,real-time(asopposedtobatche.g.periodend),cross-border,IsthedatatransferprocessistheresignificantuseofDoesthesystemreceiveorsendelectronicmessages(EDI)tothirdparties?我們有很多客戶在其運(yùn)營、財(cái)務(wù)和報(bào)告系統(tǒng)間使用自動化接口以提高數(shù)據(jù)傳輸?shù)男屎蜏?zhǔn)確性。如果客戶擁有數(shù)個(gè)應(yīng)用系統(tǒng)，是否有必要在系統(tǒng)間傳輸信息/數(shù)據(jù)？此類信息是否不僅僅是簡單的數(shù)據(jù)或?qū)ω?cái)務(wù)報(bào)告系統(tǒng)進(jìn)行的過賬，例如操作數(shù)據(jù)、復(fù)合源和數(shù)據(jù)流、實(shí)時(shí)過賬（相對于批處理，如期末過賬）、過賬等？客戶系統(tǒng)與第之間是否存在電子信息的收發(fā)（電子數(shù)據(jù)換1.81.8Doessystemprocessahighvolumeof為為一鼓企處復(fù) GuidanceforQuestionSomeofoursmayhaverelativelyfew,buthighvaluetransactions;othersmayhaveahighvolumeofrelativelylowvaluetransactions.Typicalindustrieswithhighvolumetransactionsincludethefinancialservices, munications,utilitiesandthepharmaceuticalsectors.Theissuefacingour sisthatwhileasingleerrorforagiventransactionmaybeimmaterial,ifthiserrorwasrepeatedmanymillionsoftimes,thenthemagnitudeoftheerrorormisstatementcouldbeInsituationswheresystemsarehighlyintegrated(e.g.ERP)andthevolumeoftransactionsislarge,journalentriesmaybegeneratedautomaticallyandinsomecasesthenpostedautomaticallyfromonesystemtoanother.Thechallengefacingusishowweaudithighvolumesofdata.Subquestion(s)forreference:WhatapproachshouldIadopttoauditanareawherevolumesoftransactionsareprocessedbyaWherethenumberoftransactionsissohigh,forexampleintheretailbankingor municationssectors,thatitwouldbedifficultforuserstoidentifyandcorrecterrorsinthedataprocessingorthatobtainingameaningfulsamplesizemanuallyfromanauditisnotfeasible,insuchcasestheuseofaudittechniquessuchasComputerAssistedAudittechniques("CAATs")willtypicallyleadtoasignificantreductionintheauditteameffortrequiredinundertakingsubstantivetesting.IstheauditbeingperformedinaccordancewithUSGAAS?SpecificrequirementsexistunderSAS99(ConsiderationofFraudinaFinancialStatementAudit)withfurtherguidanceavailableintheUSPwCAuditGuideSection4520,inparticulararoundUSlistedcompanies,asaresulttheauditapproachshouldexplicitlyconsidertheneedtouseCAATsandconsultationwithRCA/RAis mended.ForNonUSGAASengagements,engagementleadersandteammanagersarestill mendedtoconsiderusingCAATs,togetherwiththerelatedRCA/RAspecialists,aspartofthetestingofjournalentries.某對時(shí)時(shí)企自并包供應(yīng)、但但但但在復(fù)復(fù)，其其則時(shí)時(shí)企自處、但但但并包供但在復(fù)復(fù)。企自企處復(fù)復(fù)在發(fā)一自劃其其發(fā)發(fā)鼓鼓劃、電劃自劃、應(yīng)劃公劃劃公公自劃。劃負(fù)客在項(xiàng)一為：單單負(fù)參單單包時(shí)負(fù)參單但在復(fù)復(fù)復(fù)單為單參單建在，但如如這參單單復(fù)包此自但但應(yīng)，對那這參單單復(fù)單單供那那自產(chǎn)自產(chǎn)企客客。在但參在自（如ERP）在產(chǎn)自復(fù)復(fù)中復(fù)復(fù)處中企在一一負(fù)，時(shí)時(shí)自自自自自此，雖在然負(fù)參自自此然數(shù)然負(fù)參。項(xiàng)是負(fù)客在我我為如在在由企處在自并。包時(shí)系一鼓企處復(fù)復(fù)在是是，項(xiàng)應(yīng)包此應(yīng)劃在我在在負(fù)我呢？為復(fù)復(fù)自處此企（如銀銀銀自劃復(fù)電劃自劃在復(fù)復(fù)）然從此負(fù)劃劃者者以劃劃并此確自并一鼓在在者單，復(fù)為此負(fù)參時(shí)時(shí)負(fù)負(fù)或在在從審系參審審在審此企審劃，劃劃使如在一一使劃在在劃劃("CAATs")在在在劃劃通通自企處的但在在在在為在應(yīng)的應(yīng)參參包包劃劃并試如在試試。為為 在為為應(yīng)應(yīng)(例如跨跨復(fù)為)一鼓劃劃SAS99（新鼓自此在在在在財(cái)財(cái)劃劃）在系參系應(yīng)并此并中時(shí)然是跨美美美建在在此美美4520章在章負(fù)自負(fù)章此美（尤其為并時(shí)是跨上上應(yīng)國在此美），劃此在在負(fù)復(fù)應(yīng)為項(xiàng)項(xiàng)劃劃劃劃CAATs在并并并中要要建預(yù)總總RCA/RA在審見。包時(shí)參應(yīng)劃是跨在在是則在在在，仍建預(yù)在在項(xiàng)項(xiàng)項(xiàng)劃在在為鼓劃劃劃劃CAATs并總總并并在為為 在為為應(yīng)應(yīng)(例如跨跨復(fù)為)一鼓劃劃1.91.9Dothesystemsprocessinformationforacomplexorsophisticatedbusinessentity(e.g.multinationaloperations)? 該GuidanceforQuestionDothesystemsprocessinformationforacomplexorsophisticatedbusinessentity(e.g.multinationaloperations)?該系統(tǒng)是否為復(fù)雜的經(jīng)營實(shí)體（例如經(jīng)營企業(yè)）處理信息1.1Does (e.g.multiplesites,severaldifferenttypesofintegratedtechnology,usingofITserviceprovidersorsharedservicecentre)?為為系參在劃劃劃劃復(fù)復(fù)(例如，例例一、幾參參參應(yīng)一在應(yīng)合劃劃、劃劃劃劃劃劃鼓鼓供應(yīng)供復(fù)負(fù)建鼓鼓在由)？GuidanceforQuestionDoesthe haveacomplexinformationtechnologyinfrastructure(e.g.multiplesites,severaldifferenttypesofintegratedtechnology)?Subquestion(s)forHowmanydata-centresdoesthehave?Whatarethephysicallocationsofthedata-centres?DoesthehavealargeITinfrastructureandoperationsDoestheoutsourcecertainITfunctiontoaserviceorganization?Howlargeisthecontractsum?Doesthespendconsiderableamountofmoneyinhardwaremaintenanceand Istheutilisingawiderangeofdifferentintegratedandapplications?客戶是否擁有復(fù)雜的技術(shù)架構(gòu)（例如多地點(diǎn)、幾種不同類型的

客戶擁有的數(shù)據(jù)中心的數(shù)量是多少？這些數(shù)據(jù)中心的所在點(diǎn)在哪里？客戶是否擁有大型 基礎(chǔ)設(shè)施和操作團(tuán)隊(duì) 客戶是否使 共享服務(wù)中心客戶是否在硬 通信方面花費(fèi)了相當(dāng)數(shù)量的’suseofITsubjecttostringentregulatory在劃劃劃劃劃劃劃為為項(xiàng)客客客客在總鼓并此 GuidanceforQuestionInsomejurisdictions,regulatorsandotherlegalbodieshavesetstringentrequirementsforaccessingandstoringofdataorforusinginformationtechnologytosupportbusinessoperations.Forexample:hasissuedthe“GuidelinesonE-bankingSecurityEvaluation”InHongKong,theHongKongMonetaryauthority(“HKMA”)issuedthe“GuidanceNoteonManagementofSecurityRisksinElectronicBankingServices”InSingapore,theMonetaryAuthorityofSingapore(“MAS”)hasissuedthe“Compliancechecklistforinternetbankingandtechnologyriskmanagementguidelines.0一些國家和地區(qū)的機(jī)構(gòu)和其他法律實(shí)體對數(shù)據(jù)權(quán)限和以及利用 管理業(yè)務(wù)運(yùn)營制定了嚴(yán)格的規(guī)定，例如：，中國銀行業(yè)監(jiān)督管理（“銀監(jiān)會”）已頒布了《電在，金融管理局（“金管局”）已下發(fā)了《電子銀行服務(wù)保安風(fēng)險(xiǎn)管理的建議文件》在新加坡，新加坡金融管理局（“金管局”）已下發(fā)了《網(wǎng)絡(luò)銀行30版B2HPCandhigherriskauditconsiderationsIsthis consideredtobeHPC,aUSIntegratedAuditengagement,auditswherewewillotherwisegiveanauditopinionon ’sinternalcontrolsystem(paniesinsubjecttotheBasicStandardforEnterpriseInternalControl)orIPO/ (oranycombinationofthese)?該為為為HPC，是跨應(yīng)合在在在在，項(xiàng)是并并包在鼓鼓鼓鼓企此在由審見在在在在在（例如例劃時(shí)《劃劃鼓鼓鼓鼓或此企企》在在跨應(yīng)國）復(fù)或應(yīng)應(yīng)企企自或或復(fù)或或應(yīng)應(yīng)企企自或或(復(fù)上那應(yīng)一在為合)GuidanceforQuestionOurswhoaresubjecttoUSSOX,C-SOXorJ-SOXrulesorwhoarenninganIPOinHongKong,,Singaporeorotheroverseasjurisdiction,attractahigherdegreeofauditscrutinythan

otheraudits,whetherbecauseadditionalauditproceduresareoverfinancialreporting,orwhethersomeofourworkmaybeusedtomeetlistingrulesasinthecaseofPN21workforaHongKong對于應(yīng)遵守USOX、C－OX或者J－OX的客戶，或者正在計(jì)劃于香港、陸、新加坡或其他海外國家或地區(qū)進(jìn)行首次公開的客戶，由于為形成我們對其財(cái)務(wù)報(bào)告內(nèi)部控制的審計(jì)意見而需要執(zhí)行額外的審計(jì)程序，或者對于在上市的公司而言，我們需要執(zhí)行一些工作以遵守如PN21等上市條例的規(guī)定，因此上述客戶需要接受相對于其他審計(jì)客戶更加嚴(yán)格的審計(jì)監(jiān)督。B3ListingandRegulatory3.1Is該嗎3.1Is該嗎 GuidanceforQuestionOurswhoarelistedaresubjecttotherespectivelistingrulesoftheexchangewheretheyarelisted.Furthermore,theirregulatorsmayalsosetspecificrequirementsfortheirparticipantsthatarelisted.Theserulesandrequirementsmayvarybetweenexchangesandregulatorybodies.Forexample:HongKong’sCorporateernance’sBasicStandardforEnterpriseInternalSingapore’sCodeofCorporateUS’sSarbanes-Oxley我們的上市客戶需遵守相關(guān)所的上市規(guī)則。此外，機(jī)構(gòu)也可能制定了與上市相關(guān)的具體要求。所和機(jī)構(gòu)頒布的這些規(guī)則和要中國的《企業(yè)內(nèi)部控制基Category:Category:應(yīng)一ThedefinitionforeachcategoryisasA-Those sconsideredHPC,allIntegratedAuditengagements,auditswherewewillotherwisegiveanauditopiniononthe'sinternalcontrolsystem(e.gcompaniesin subjecttotheBasicStandardforEnterpriseInternalControl),IPO/nnedIPOengagementsandallotherlisted swithcomplexsystems.B-Any swithcomplexC- s D-Anyothers Thetablebelowfurtherillustratesthein ctionbetweenRCA/RAnelandthecoreassurance tteamsAentIdentifyCombined√RCA/RAnelshouldbeusedifthereisuncertaintyonthelevelofcomplexityandtheapproachtoadoptorifassistanceisrequiredinandtestingofcessesandandevaluatecontrolsotherthangeneralforexampleCombined√ValidateCombined√,evaluateandvalidateITGeneralComputer√CombinedIftheentityhascomplexsystemsi.e.,isassessedascategoryAorB,RCA/RAshallbeinvolvedintheauditofthosesystems,unlesstheEngagementl