[1] Does the client use IT applications such as ERP (Enterprise Resource Planning Software) for automated and paperless data processing?
[1] Does the client use IT applications such as ERP (Enterprise Resource Planning Software) for automated and paperless data processing?
Checklist ISA 315, Automated data exchange
[1a] The client uses none-complex standard software, e.g. Sage, KHK, DATEV
Checklist ISA 315, Automated data exchange
[1b] The client uses medium-sized and moderately complex standard software or IT applications, e.g. Comet.
Checklist ISA 315, Automated data exchange
[1c] The client uses large or complex IT applications (e.g. ERP systems), e.g. MS Business Central, Navision, Azure, Google, Amazon (AWS), SAP, MS 365, own development
Your ERP software was not listed? What is the Name of your software for automated and paperless processing of data.
Which modules of the ERP software are in use? In which business processes are they used? E.g. financial accounting, merchandise management. What is the name of the software used? Version? GOBD attestation?
Checklist ISA 315, Automated data exchange
[2] In what form are system-generated reports (e.g. totals and balance lists, business evaluations, merchandise management, account consolidation) generated for processing information?
[2a] What is the source of the data processed in the reports?
Checklist ISA 315, Automated data exchange
[3] Data entry: How does your client enter data?
[3a] Via which interface is the data entered?
Checklist ISA 315, Automated data exchange
[4] Data exchange: Are there automated internal and/or external interfaces for data exchange in the IT environment?
[4a] Via which interface does the data exchange take place?
Checklist ISA 315, Automated data exchange
[5] Where is the digital data, including the accounting documents, stored?
[5a] What is the relevance of the digital or analogue data for the audit?
Checklist ISA 315, IT applications and IT infrastructure
[6] Are self-developed applications used?
The client only uses simple, purchased applications with little or no adjustments (e.g. Lexware, Microsoft Office, WISO accounting 365 (Buhl), Sage 50). »Continue with question [7].
The client uses purchased applications, small business ERP software (e.g. SAP Business One, Dynamics 365 Business Central, Navision, Genius ERP, DELMIA Works, SYSPRO ERP, Sage 100, other Sage software, KHK Classic, other KHK software ( <- Check list, delete or expand if necessary) with little or no adjustments. »Continue with question [6a].
The client uses custom-developed applications or more complex ERP with significant adjustments (e.g. SAP). »Continue with question [7].
None
[6a] Which software exactly?
Checklist ISA 315, IT applications and IT infrastructure
[7] How is the client's IT infrastructure structured?
[7a] Describe the IT infrastructure. Which client-server solution do you use or what is the software-as-a-service you use?
Checklist ISA 315, IT applications and IT infrastructure
[8] Is data stored locally or externally?
[8a] Identify the hosting provider and hosting product? Is there a security certificate for hosting?
Checklist ISA 315, IT applications and IT infrastructure
[9] Are emerging technologies used in accounting (e.g. blockchain, robotics, artificial intelligence)?
[9a] What emerging technologies is the client using in the applications?
Checklist ISA 315, IT processes
[10] What is the skill level of the IT support staff?
[10a] What IT skills do staff have? Where does the primary responsibility for IT support lie?
Checklist ISA 315, IT processes
[11] How are access rights managed?
[11a] How many people have administrator rights? Who decides which people get admin rights? Who manages the administrator rights?
Checklist ISA 315, IT processes
[12] Does the organization have one or more external interfaces that could pose a cyber risk? (e.g. web-based applications or platforms with web-based access)
[12a] Name the web-based applications. Are there other role-based external interfaces in addition to the web-based ones?
Checklist ISA 315, IT processes
[13] Are changes made to the source code on a regular basis, and if so, to what extent do they affect information processing during the review period?
[13a] Which commercial applications are used? How many source code changes were made during the testing period?
Checklist ISA 315, IT processes
[14] Have significant changes been made to the IT applications or the underlying IT infrastructure (e.g. due to a data or system migration, upgrade, version jump, expansion of the old system, creation of new interfaces, ERP adjustments)?
[14a] Describe the changes in more detail.
Checklist ISA 315, IT processes
[15] Were significant data conversions performed during the audit period?
[15a] What was the type of data (e.g. financially relevant business data, data from the test period) and how was the conversion carried out (e.g. after cleaning up the old data, proof of integrity, avoidance of redundancies).