a. Application Controls for Computerised Systems:

• Input Controls: Ensure that data entry is accurate, complete, and authorized by using validation checks, drop-down lists, and restricted access for data entry points.
• Processing Controls: Implement checks to ensure data is processed correctly, such as batch totals, sequence checks, and automated reconciliations to verify data integrity.
• Output Controls: Control output reports and data by implementing authorization checks before releasing information, as well as maintaining secure access to output devices.
• Access Controls: Use passwords, multi-factor authentication, and user-level restrictions to limit access to critical systems and data to authorized personnel only.
• Integrity Controls: Apply encryption and data validation techniques to protect data integrity during storage and transmission, ensuring data remains accurate and unaltered.
• Audit Trail: Maintain a detailed record of user activities, changes made to the system, and transaction logs to provide accountability and facilitate audits.
• Backup and Recovery Controls: Ensure regular backups are conducted, and establish recovery procedures to protect against data loss in case of system failures.

b. Audit Strategy in Accordance with ISA 300:

• Understanding the Client’s Environment: Conduct a thorough review of the client’s business, industry, regulatory requirements, and internal controls to assess the impact on audit planning.
• Risk Assessment: Identify and assess risks of material misstatement, focusing on the specific risks associated with computerised systems, including data security, system changes, and user access.
• Audit Objectives and Scope: Define clear objectives for the audit, specifying areas of focus based on the complexity of the client’s computerised systems and the nature of the financial transactions.
• Materiality and Tolerable Misstatement: Set materiality thresholds based on the client’s financial statements to guide the level of acceptable error and ensure sufficient audit evidence is gathered.
• Audit Approach: Choose a risk-based audit approach, combining substantive testing and control testing, particularly in areas where reliance on computerised systems is high.
• Resource Allocation: Assign resources, including IT audit specialists if necessary, to handle the unique aspects of auditing computerised environments, ensuring team members have relevant expertise.
• Engagement Timeline and Milestones: Establish timelines, including key audit milestones, to monitor progress and ensure the audit is completed efficiently and on schedule.
• Communication with Client Management: Plan regular communication with the client’s management and IT personnel to address any issues that arise and obtain updates on system changes or security incidents.