Auditing the EDP

By Hickman, James R. | Independent Banker, November 1994 | Go to article overview

Auditing the EDP


Hickman, James R., Independent Banker


Every bank with an in-house computer system is required to perform an annual independent electronic data processing (EDP) or information system audit. If an EDP audit is not performed, it could have a significant effect on a bank's rating during the next regulatory exam.

A bank's board of directors is responsible for ensuring that an adequate independent EDP audit is performed. Bank regulators require banks to establish effective internal controls and management information systems to safeguard information and measure operating performance and profitability.

EDP examinations generally evaluate a bank's internal control systems to ascertain the integrity, reliability and accuracy of data, as well as the quality of the management information systems supporting management decisions.

EDP AUDIT OPTIONS

The EDP audit can be either external or internal, or a combination of the two. More sophisticated computer systems, regardless of the bank's size, warrant audits performed by individuals with commensurate expertise.

The easiest solution is to hire an external auditor, preferably a certified public accountant to perform the EDP audit. Fees generally run from approximately $3,500 for a bank under $30 million in assets to as much as $30,000 for a bank with $300 million or more in assets, multiple branches, a mid-sized system, and network PCs.

Beware of "low-bid" proposals which deliver little more than a question-and-answer session using a general EDP questionnaire. A quality firm will provide a technical review of the system to include parameter file analysis, program maintenance and testing procedures and exception testing. Furthermore, the external EDP auditor should be experienced in the bank's hardware, software and operating system. Additionally, the audit should include testing using EDP audit software. At the end of the engagement, the auditor should issue an opinion letter and a comprehensive written report.

Outside firms should also be able to assist with the development of an EDP audit manual and an emergency/disaster recovery plan as well as provide EDP audit training.

Alternatively, banks not able to absorb the costs of an external EDP auditor may designate their internal auditor as the EDP auditor. He or she will need to develop an EDP audit program and receive EDP audit training. Moreover, particularly in smaller banks, the internal auditor may lack the technical and computer skills to perform the audit to the satisfaction of examiners. However, the expectations of examiners will largely depend on the size of the bank and the type and complexity of the computer system.

DIRECTORS' RESPONSIBILITIES

An institution should have written guidelines for the conduct of the information systems audit, and the auditor selected should be approved by the board of directors.

Although the performance of the audit may be delegated, the responsibility for ensuring a quality audit remains with the bank's board of directors. Audit results must be reported directly to the board of directors or its designated committee. Furthermore, the board must take actions to correct any deficiencies noted in the audit report.

According to the Federal Financial Institutions Examination Council's Information Systems Examination Handbook, "the board must periodically review and approve: the qualifications and independence of the auditors; the scope and frequency of the audit; the techniques used in performing the audit; the overall condition of the organization's information systems controls and operations; and management's actions to resolve material weaknesses cited in audit reports. …

The rest of this article is only available to active members of Questia

Sign up now for a free, 1-day trial and receive full access to:

  • Questia's entire collection
  • Automatic bibliography creation
  • More helpful research tools like notes, citations, and highlights
  • Ad-free environment

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Auditing the EDP
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

Cited passage

Style
Citations are available only to our active members.
Sign up now to cite pages or passages in MLA, APA and Chicago citation styles.

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

"Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited passage

Thanks for trying Questia!

Please continue trying out our research tools, but please note, full functionality is available only to our active members.

Your work will be lost once you leave this Web page.

For full access in an ad-free environment, sign up now for a FREE, 1-day trial.

Already a member? Log in now.