這是用戶在 2024-5-13 9:12 為 https://app.immersivetranslate.com/pdf-pro/08aa3c26-06b9-445a-99f9-684ddc810de4 保存的雙語快照頁面,由 沉浸式翻譯 提供雙語支持。了解如何保存?
2024_05_13_6aacceeb725353821a2eg
Overview
Group
Audits
Review of
Audit
Strategy
and Plan
Revised
IESBA
Code of
Ethics
IT Testing
Strategy
Service
Organisations
Artificial
Intelligence
Archiving
Other
Updates

IT Testing Strategy  IT 測試策略

  • Significant enhancements have been made to the PwC Audit guidance on developing an IT testing strategy. The enhanced guidance reflects current practices in the entity's use of technology and provides further clarifications and examples to address common engagement team questions.
    PwC 審計指南在制定 IT 測試策略方面進行了重大增強。增強的指南反映了實體在技術使用方面的當前實踐,並提供進一步的澄清和示例以應對常見的參與團隊問題。
  • The updates described below are for application on 2024 calendar year end audit engagements, with earlier application permitted depending on territory implementation and training plans.
    下面描述的更新適用於 2024 年度結束審計項目,根據領土實施和培訓計劃,可以提前應用。

Introduction 簡介

Significant enhancements were made to PwC Audit guidance in the following areas:
PwC 審計指南在以下領域進行了重大增強:
Considerations in planning an effective and efficient approach to testing IT, including responding to IT risks and the testing strategy for IT dependencies;
考慮規劃有效和高效的 IT 測試方法,包括應對 IT 風險和 IT 依賴的測試策略;
  • Understanding and testing restricted access, segregation of duties, interfaces and automated controls;
    瞭解和測試受限訪問、職責分離、接口和自動控制;
  • Further guidance on the concepts of inherent, customised and configurable functionality, and how our response to risks arising from each type may be different; and
    進一步指導有關固有、定制和可配置功能概念的指引,以及我們對於每種類型風險的應對可能有所不同;
  • New PwC Audit section on risks and response considerations related to privileged access.
    PwC 新的審計部分關於特權訪問相關風險和應對考慮。
Significant Updates Summary
重要更新摘要
The following table summarises the most significant guidance updates:
以下表格總結了最重要的指導更新:

Interfaces 介面

  • New guidance on typical characteristics of interfaces and relevant considerations when understanding and determining our testing strategy, with and without ITGCs
    關於介面的典型特徵和在了解和確定我們的測試策略時相關考慮的新指導,包括有和沒有 ITGCs
  • Additional guidance on considerations that may be relevant based on our intended use of the interfaces in the audit and when we use technology solutions to test interfaces
    根據我們在審計中使用界面的目的以及我們使用技術解決方案來測試界面時可能相關的考慮的額外指導
  • Additional examples of audit procedures we could perform related to interfaces
    我們可以執行與界面相關的審計程序的額外示例
  • Additional guidance on relevant considerations when the entity uses tools, such as job schedulers
    當實體使用工具,如作業排程器時,有關考慮的額外指導

PwC Audit 5404 普華永道審計 5404

Automated controls 自動化控制

  • Substantial new guidance in the following areas related to testing automated controls:
    關於測試自動化控制的以下領域有重大新指引:
  • Examples of different categories of automated controls
    不同類別的自動化控制範例
  • Testing inherent automated controls
    測試固有的自動化控制
  • Testing automated controls in non-production environments
    在非生產環境中測試自動化控制
  • Testing automated controls after year-end
    在年終後測試自動化控制
  • Testing an automated control as a substantive test
    將自動化控制作為實質測試進行測試
  • Clarifications and additional examples on the extent of automated controls testing, and examples of testing procedures with and without ITGCs
    針對自動化控制測試範圍的澄清和附加示例,以及具有和不具有 ITGCs 的測試程序示例
PwC Audit 3606.3 PwC 審計 3606.3

Segregation of duties 職責分離

  • Additional guidance on relevant considerations when the entity uses rolebased access
    當實體使用基於角色的訪問時,有關考慮事項的附加指引
Guidance: PwC Audit 3606; PwC Audit 5107; PwC Audit 5404
指引:PwC 審計 3606;PwC 審計 5107;PwC 審計 5404