Internal Au diti ng CMA Part 1 Accounting Controls Versus Administrative Controls A financial audit will focus on accounting controls. An operational audit will focus on administrative controls. Accounting controls are concerned with the integrity and accuracy of the accounting system and the financial reports being generated, as follows: • Completeness: Are all of the transactions reflected in or captured by the accounting system? • Validity: Are only valid transactions recorded? • Authorization: Are all transactions properly authorized? • Accuracy: Are reported numbers accurate representations of the economic transactions that have occurred? Administrative controls are more focused on managements operating objectives. For example, outside salespeople might be required to submit reports on how many customer calls they make each week. This is a control over the operating goal of providing good customer service and increasing sales, but it has no direct control effect on the reported accounting numbers. Objectives of an Audit of Controls An audit of controls has the following objectives: 1) To determine whether controls are in place; 2) To determine whether the controls that are in place are structurally sound; 3) To determine whether the controls are designed to achieve a specific management objective, to achieve compliance with predetermined requirements, or to ensure accuracy and propriety of trans actions; 4) To determine whether the controls are being used properly; 5) To determine whether the controls are efficiently serving their purpose; 6) To determine whether the controls are effective; 7) To determine whether management is using the output of the control system; Testing Compliance with Controls To test compliance with controls and evaluate their effectiveness, the auditor should investigate the following: 1) Are procedures being followed? 2) Is the output being used? 3) Is the input into the system valid, accurate, and reasonable? 4) If the system is computerized, is it operating properly? 5) Is the output of the control operation valid? 6) Is the control output achieving managements objective in establishing the control? 7) Is the control system operating as intended? 8) Does the control system have the following required characteristics? a. Flexibility. b. Timeliness. c. Accountability. d. Cause identification. e. Appropriateness. f. Placement. 344 Section D Internal Auditin g Procedures the auditor performs to test operating effectiveness of controls include a mix oftests. Some types of tests produce greater evidence of the effectiveness of the controls than other tests. Here are the tests that an auditor might perform in order of the evidence they would usually produce, from least evidence to most evidence: 1) Inquiry of appropriate personnel; 2) Observation; 3) Inspection of relevant documentation; and 4) Re-performance of a control. Inquiry alone does not provide sufficient evidence to support a conclusion about the effectiveness of a control. Testing controls over a greater period oftime provides more evidence of the effectiveness of the controls than testing over a shorter period of time does. The tests of controls should be performed as close to the as of date of the management assessment of controls over financial reporting as possible, balanced with the need to test the controls over a sufficient period of time to obtain sufficient evidence of their operating effective ness. Control Breakdowns If an internal auditor identifies a material weakness that could cause a control breakdown, this information should be included in the auditors report. The auditor may choose to issue an interim report or may decide to wait and include the information in the final report. Generally, interim reports should be issued whenever there is something that needs to be addressed immediately. So if a control breakdown needs to be addressed immediately, an interim report should be issued. Interim reports are covered under the topic of Internal Audit Reports, below. If an internal auditor identifies a deficiency in a control over financial reporting, the auditor should evaluate the severity of the deficiency to determine whether the defiCiency, either individually or in combination with other deficiencies, represents a material weakness as of the date of the management assessment. The severity depends upon: • Whether there is a reasonable possibility that the companys controls will fail to prevent or detect a misstatement of an account balance or disclosure; and • The magnitude of the potential misstatement resulting from the deficiency or deficiencies. The auditor should evaluate the effect of compensating controls when determining whether a control defiCiency is a material weakness. In order to have a mitigating effect, a compensating control should operate at a level of precision that would prevent or detect any misstatement that would be material. Risk factors affect whether there is a reasonable possibility that a deficiency or a combination of deficiencies will result in a misstatement of an account balance or disclosure. These risk factors include: • The nature of the financial statement accounts, disclosures, and assertions involved; • The susceptibility of the related asset or liability to loss or fraud, or how likely it is that something could go wrong; • The subjectivity, complexity, or extent of judgment required to determine the amount involved; • The interaction or relationship of the control with other controls, including whether they are interde pendent or redundant; • The interaction of the deficiencies, i.e., if there is more than one, could they in combination cause a material misstatement; and • The possible future consequences of the deficiency. 345 Internal Au diti ng CMA Part 1 If multiple control deficiencies affect the same financial statement account balance or disclosure, that increases the likelihood of misstatement and may, in combination, constitute a material weakness, even though each deficiency individually may not be severe. Factors that affect the magnitude of the misstatement that might result from a deficiency or deficiency in controls include: • The financial statement amounts or total of transactions exposed to the deficiency; and • The volume of activity in the account balance or class of transactions exposed to the deficiency that has occurred in the current period or that is expected In future periods. The maximum amount that an account balance or transaction total could be overstated is generally the recorded amount, or 100% of the account balance. Understatements could be larger than the amount of the account balance and can be unlimited. However, in many cases, the probability of a small misstatement will be greater than the probability of a large misstatement. Detectio n an d Pre ventio n of Frau d The internal auditor is responsible for examining the controls that are in place to determine if they are adequate to prevent or detect fraud, and the internal auditor is also responsible for examining for fraud. However, the internal auditor is not responsible for preventing fraud. Because of the fact that people may work together to get around the system and its controls, it is impossible for anyone to guarantee that there is not and will not be fraud. It is preferable to prevent fraud through using controls rather than detecting fraud after the fact; however, this may not always be possible. If fraud is suspected, the internal auditor should notify the appropriate management level within the organization. Note: In cases of fraud, the internal auditor is interested in how the fraud occurred, what needs to be fixed in the controls, and what needs to be done to prevent it again in the future. The factors that contribute to fraud are varied and numerous, but by being aware of them, the auditor is in a better position to detect and prevent fraud by knowing where it may occur. Some of the factors contributing to fraud are insufficient internal controls in general. Specifically, these are: 1) No segregation of duties; 2) Not limiting the access to assets; 3) Failing to compare existing assets with recorded assets; 4) Executing transactions without proper authorization; 5) Lack of personnel or qualified personnel that leads to improper controls; 6) Collusion among employees; 7) The existence of high-value, small, liquid assets; and 8) The ability of management to override the controls in place. 346 Section D Internal Auditin g The Institute of Internal Auditors (IIAs) position on deterrence, detection, investigation and reporting of fraud is: 1) The deterrence of fraud is the responsibility of management. 2) Internal auditors must have sufficient knowledge to be able to identify the indicators that fraud may have occu rred. 3) If control weaknesses are detected, additional tests should be performed to identify other factors of fraud that may be present. 4) Audit procedures alone will not guarantee that fraud will be detected. 5) A fraud that is detected needs to be reported. Question 194: When comparing perpetrators who have embezzled company funds to perpetrators of financial statement fraud (falsified financial statements), those who have falsified financial statements would be less likely to: a) Be living beyond their obvious means of support. b) Rationalize the fraudulent behavior. c) Use company expectations as justification for the act. d) Have experienced an autocratic management style. (CIA Adapted) Consideration of Fraud in the Planning of a Financial Statement Audit The auditor should develop and plan the audit with a reasonable assurance of detecting material fraud or misstatements. However, due to the fact that the perpetrators of fraud will try to hide the fact, it is not possible to guarantee discovery of material frauds. Fraud is different from an error in that fraud is an intentional misstatement while an error is unintentional. The three main types of fraud are: 1) Misstatements arising from fraudulent financial reporting Fraudulent financial reporting involves intentional misstatements in the financial statements that are made to mislead users. This includes omission of information from the financial statements and a misapplication of accounting principles. 2) Misstatements arising from the misappropriation of assets (stealing) This includes theft, embezzlement and any action that causes the company to expend cash for things that will not benefit the company. 3) Corruption This includes bribes, kickbacks, conflicts of interest and other things that prevent an employee from acting fully and morally on the behalf of the company. As the auditor is supposed to find material misstatements, the risk of misstatement due to fraud needs to be specifically considered in the planning of the audit. Management conditions or the desires of individuals to meet goals, industry conditions, the regulatory environment and the nature of the business will all influence the risk of fraudulent reporting. A major risk factor that could indicate possible fraudulent financial reporting is the occurrence of management override of controls. Studies have shown that in cases of fraudulent financial reporting, management has been able to repeatedly override systems of internal accounting control. 347 Internal Au diti ng CMA Part 1 The types of controls and assets a company has will influence the risk of the misappropriation of assets. The auditor will also inquire of management about their understanding of the risks and their knowledge of any frauds that are being, or can be committed, within the company. When an internal auditor suspects fraud, he or she should determine the possible effects and discuss the matter with the appropriate level of management who should then initiate an investigation. When wrongdoing is suspected, the auditors responsibility extends to the appropriate level of management within the organization. It is generally not the auditors duty to report this to individuals outside of the organization, although the auditor may in some cases need to report this event to the SEC, a predecessor auditor, a court or to a governmental agency. Question 195: Which of the following policies is most likely to result in an environment conducive to the occurrence of fraud? a) The divisions hiring process frequently results in the rejection of trained applicants. b) Budget preparation input by the employees who are responsible for meeting the budget. c) The application of some accounting controls on a sample basis. d) Unreasonable sales and production goals. (CIA Adapted) Question 196: When conducting fraud investigations, the internal audit function should: a) Assess the probable level of and the extent of the fraud within the organization. b) Assign personnel to the investigation based on the audit schedule established at the beginning of the fiscal year. c) Clearly indicate the extent of internal auditings knowledge of the fraud when questioning suspects. d) Perform its investigation independent of lawyers, security personnel and specialists from outside the organization who are involved in the investigation. (CIA Adapted) Internal Au dit Re ports Audit reports may take many different forms and they may be issued for many different types of projects. They may be formal or informal, written or oral, interim reports, final reports, or summary reports. The format of the report will depend upon the type of the audit, the results of the audit, what management needs, the nature of the company and how internal audit is accepted by the various levels of the organization. However, there are some similarities between all of the different types of reports. All reports must include the purpose, the scope, the results and (if appropriate) an opinion. In addition to these items, a report may also include any of the following items: • Background information and summaries, • The status of findings from previous audits, • Recommendations of potential improvements, • Acknowledgement of good performance and corrective actions taken, and • Comments from the department that was audited. 348 Section D Internal Auditing Oral Reports and Interim Reports Oral reports should supplement written reports but do not replace written reports. Oral reports are timelier (and this is essential for a problem that needs to be immediately fixed) and will help develop the relationship between the auditor and the auditee through increased, informal communication. More timely oral reports also enable the auditee to point out any errors in the logic or understanding that the auditor used in coming to the conclusion that has been reached. Despite the flexibility of oral reports, they still require adequate preparation to gain the maximum benefit. Interim reports are issued during the process of the audit. Interim report does not mean that these are reports that are issued with the interim financial statements. Interim reports should be issued whenever there is something that needs to be addressed immediately or if there is a need to change the scope of the audit. Or one may be issued simply to keep people informed when the audit process is a long one. Because they are not final reports, interim reports should state that they include only information to date, not complete reporting. They should also state that the final report will follow-up on, and cover, all remaining issues from the audit. Preparing the Final Written Internal Audit Report The chief audit executive must communicate results to the appropriate parties (Internal Auditing Standard No. 2440). This means that the chief audit executive or designee must review and approve the final engagement communication before issuance and decide to whom and how it will be disseminated. Except for very simple reports, the auditor should first prepare a brief outline of the report, including main headings such as Summary, Forward, Purpose, Scope, Opinion and Findings. Each finding may require an additional outline in order to properly explain and address it. All reports should be • Objective, • Clear, • Concise (no longer than necessary), • Timely, and • Constructive (helpful to the company and leading to some sort of improvement). Contents ofthe Final Report At a minimum, the final report should contain the purpose, scope and results of the engagement (discussed more fully below). Also, where appropriate, the report should contain the intemal auditors overall opinion. The final communication may include background information and summaries. Background information may identify the organizational units and activities reviewed and provide relevant explanatory information. It may also include the status of observations, conclusions and recommendations from prior reports and an indication of whether the report covers a scheduled engagement or is responding to a request. Summaries, if included, should be balanced representations of the engagement communications content. The final report should be signed by either the chief audit executive or a person who is designated to sign the report. 349 Internal Au diti ng CMA Part 1 Purpose of the Engagement In this section of the report, the auditor outlines the engagement objectives (this must always be included in the report) and also may include why the engagement was performed and what the expected results were from the engagement (i.e., cost savings, increased efficienCies, etc.). The audit objective should be described in enough detail so that readers will know what to expect from the rest of the report. The objectives should be spelled out, and then the findings should address themselves to each statement in the objectives. The engagements objectives also should address the risks, controls and governance processes associated with the activities under review. Scope of the Engagement The scope of the engagement is a description of how much work was done to achieve the engagements objectives. This section outlines what was done on the engagement, including: • The activities that were reviewed; • The time period reviewed (if appropriate); • Any related activities that were not reviewed; and • The nature and extent of the work performed. The scope of the engagement should speCifically state what areas were not covered by the audit that readers would expect to be covered by the audit unless told differently. The scope of the engagement must include consideration of relevant systems, records, personnel, and physical properties, including those under the control of third parties (Internal Auditing Standard No. 2220.Al). In performing consulting engagements, internal auditors should ensure that the scope of the engagement is sufficient to address the agreed-upon objectives. If internal auditors develop reservations about the scope during the engagement, these reservations should be discussed with the client to determine whether to continue with the engagement. A scope limitation occurs when the auditor is unable to perform all of the required procedures. The cause of the scope limitation is not important. Any scope limitations should be reported. Results of the Engagement This section includes the observations, conclusions (or opinions if appropriate), recommendations and action plans from the engagement. 1) Observations are the relevant statements of fact, or audit findings, discovered during the en gagement. These observations are made as a result of comparing the difference between the current state of affairs (what Is) with the ideal state of affairs (what should be). Any observations that are essential to the understanding of the conclusion should be included in the final report. Other less material or less significant observations can be communicated in less formal ways. An audit finding should include certain elements: Background, criteria, condition, cause, and ef fect. a. Background: The person reading the report must be given enough background about the situa b. Criteria: The criteria are the standards used to judge the operation being audited. They should tion in order to understand the reasons why the auditor believes the finding should be reported. Background can identify the people involved, the organizations relationships, and objectives and goals concerned. It should describe the environment of the operation and the reason why the sit uation is important enough to be reportable. include goals and/or objectives that management has for the audited operation, i.e., what the audited operation should be accomplishing. This is the ftwhat should be. The goals and objec- 350 Section D Internal Auditin g c. Condition: The condition is the heart of the audit finding. This is the what is. It refers to the d. Cause: Every audit finding is caused by some difference between what is and what should e. Effect: Effect gives the consequences of the difference between what is and what should tives may include operating standards. In order to appraise an operation, it is necessary to have an understanding of its goals and/or objectives. facts determined by the internal auditor through observation, questioning, analysis, verification and investigation. The information about the condition should be sufficient, competent and rele vant. The condition should be representative of the total population or system under review. Or, if it is an isolated instance, it should be reported as a significant defect. The condition is the facts upon which the conclusions are based, and the facts presented should be indisputable. be. The cause explains the reason for deviations from the criteria, or why what is is different from what should be. Unless the cause is identified, the situation cannot be corrected. be. It answers the question, So what?. An audit finding should not be merely some deviation from procedures. In order to be reportable, an audit finding should have consequences. Effect tells who or what was hurt, and how badly. Effect is the element of an audit finding that is re quired in order to convince the client and senior management that if the undesirable condition continues, it will cause serious damage and would create more costs than the cost of the action needed to correct the problem. If the finding is an economy or efficiency finding, the effect should be measured in dollars. If the finding is an effectiveness finding, the effect is the organi zations inability to accomplish some desired or required result. Effect is an essential part of an audit finding. Without it, the chances that corrective action will be taken are slim. If the engagement finds that everything that is supposed to happen is actually happening, then this satisfactory performance should also be communicated in the report. 2) Conclusions are the internal auditors evaluations of the effects of the observations and recommen dations on the activities that were reviewed. These may state whether a function is operating as intended, if control criteria are being met, if objectives and goals are being met, etc. 3) The report should include recommendations for improved performance, acknowledgement of satisfactory performance and any action plans for corrective actions that need to be implemented. The recommendations are based on the observations and conclusions of the internal auditor. The suggested corrective actions may be very specific about what needs to be done or more general, such as the identification of areas for further study. The final report may also include improvements that have been made or implemented by the auditee since the last engagement. 351 Internal Au diti ng CMA Part 1 Summary Reports A summary report may be issued in addition to the full audit report. The purpose of a summary report is to inform senior management on a timely basis about significant findings of the audit activity. A summary report can be a report of one or two pages in length that informs senior management of what matters the auditors have discovered that need prompt or continued attention. Audited units that are doing well need no senior management attention, so summary reports should concentrate on the exceptions and problems that need attention. Summary reports can be issued for each completed internal audit. Internal auditors should ask senior management what information they want to know about completed audit projects and include that in the summary report. Generally, an executive summary of a completed audit should include the following: • A brief description of the audit; • Conclusions; • Summary statements of significant findings, with references to the page numbers in the full audit report where detail can be found; and • A brief description of the actions that have been taken by the client as a result of the audit findings. Summary reports have the advantage of prompt reporting. However, a disadvantage is that they have the potential to cause unfavorable auditor-client relations because they concentrate on reporting defects. This adverse effect can be offset by making some overall objective comments, as well. Report Review and Distribution It is a courtesy to review the report with the person or department being audited so that the auditee knows what is being sent to his or her supervisors and will not be surprised by the report. This review may also allow the auditee to identify any inaccuracies in the report. During this meeting between the auditor and the auditee, the auditor is the person leading the meeting and needs to be prepared for any disagreements or conflicts that may arise as a result of the audit report. In no circumstances will the auditor allow the auditee to write or change the report - this is the auditors responsibility. Notes should be kept from any review meeting, with a record of any conflicts or disagreements and their resolution. The report should be distributed to everyone who has a direct interest in the audit. This includes the executive or executives to whom internal audit reports, the person to whom people will reply about the report, persons responsible for the activities or operations audited, and those who will need to take corrective action as a result of the audit. When it is distributed, it should include a list of people to whom it was distributed and who reviewed it during the draft stage. Information that is sensitive, privileged or proprietary should be disclosed in a separate report and delivered to the audit committee. 352 Section D Internal Auditin g Question 197: The internal auditing department for a chain of retail stores recently concluded an audit of sales adjustments in all stores in the southeast region. The audit revealed that several stores are costing the company an estimated $85,000 per quarter in duplicate credits to customers charge accounts. The audit report, published 8 weeks after the audit was concluded, included the internal auditors recommen dations to store management that should prevent duplicate credits to customers accounts. Which of the following standards for reporting has been disregarded in the above case? a) Auditor recommendations should not be included in the report. b) The auditors should have implemented appropriate corrective action as soon as the duplicate credits were discovered. c) The follow-up actions were not adequate. d) The report was not timely. (CIA Adapted) Types of Incidents That Should Be Reported When reporting on the results of their work, internal auditors should reveal all material facts known to them which, if not revealed, could either distort reports of operations under review or conceal unlawful practices. Any variance between what should be and what is should be reported. Examples of incidents that should be reported include but are not limited to: 1) Fraud. If fraud is suspected, the internal auditor should notify the appropriate level within the organization. This level is always at least one level above where the fraud is suspected. 2) Violation of any law, such as environmental regulations. 3) In a quality audit, inconsistent product quality that may cause a loss of market share. 4) A situation in which no control failure has occurred, no illegal activity is going on, and no accounting errors have occurred may also be a reportable situation in certain circumstances. For instance, if an auditor discovers that a major supplier is not offering the organization a discount for early payment when the auditor knows that the supplier is offering discounts to other companies on similar pur chases, the goal of efficiency would indicate that he or she report this information to management. Au ditor Follow-Up Internal Auditing Standards require that internal auditors follow-up on the actions taken by auditees in regards to any deficiencies found. The auditor should determine that either corrective action has been taken, or that management has assumed the risk of not taking corrective action. In order to follow-up, the auditor should receive all of the replies from the auditees, evaluate whether those replies are adequate and then be certain that actions will be and are actually taken to correct the problems. In order to ensure that the actions have been taken, the auditor may need to do additional testing after the correction has been put into place. The auditor is the best person to carry out this necessary step because he/she is more familiar with the situation - and the potential risks - than management; furthermore, the auditor should be more impartial and objective than the manager who has to make the changes. For this process to be effective, the auditor needs to report to management when corrective actions have not been taken, have not been timely or are not effective. In addition, the auditor needs to follow-up on those audit findings that have not been addressed. A satisfactory response is one that addresses the whole problem and shows that action has been taken to prevent the recurrence of the deficiency. 353 Internal Au diti ng CMA Part 1 If this system is to work to its fullest, there must be a process by which all audits are kept open until each deficiency has been addressed, through either correction or assumption of the risk by management. When the audit is closed, the auditor should issue a formal statement of closure directed to the chief audit executive. In addition, there should be a follow-up report distributed to the same parties who received the audit report, informing them of the results of any corrective action taken. Question 198: The internal auditor should follow up to ascertain that appropriate action is taken on deficiency findings. To accomplish this, the Internal auditor should : a) Make any field tests needed for assurance that the condition has been corrected. b) Limit internal audit follow-up to receiving written confirmation from the auditee that appropriate corrective action has been taken. c) Work closely with the external auditor. d) Be guided by the wishes of the audit committee. (CMA Adapted) Com puterize d Au dit Techniques Internal auditors use the computer to evaluate the processing being done by the computer and the controls that are in place. There are a variety of tools that auditors can use to audit information systems. Generalized Audit Software Generalized audit software (GAS) permits the computer to be used by auditors as an auditing tool. The computer can select, extract, and process sample data from computer files. Generalized audit software can be used on mainframe computers and also on PCs. Generalized audit software can check computations, search files for unusual items, and perform statistical selection of sample data. It can also prepare confirmation requests. Test Data Test data is input prepared by an auditor which contains both valid and invalid data. The input is processed manually to determine what the output should look like. The auditor then processes the test data electronical ly and compares the manually-processed results with the electronically-processed results. Test data is used not only by auditors but also by programmers to verify the processing accuracy of the programs they write and the programming changes they make. Data used as test data might be real data, or it might be fictitious transactions. Since test data is not data that should actually be processed, it is important to ensure that the test data do not actually update any of the real data files maintained by the system. Test data can only evaluate programs. Other tests that verify the integrity of input and output are required as well. And the test data usually cannot represent all possible conditions that a computer program might encounter in use. Furthermore, test data can be run only on a specific program at a specific time. Because the test data must be processed separately from other data, the auditor cannot be sure that the program being tested is the same program that is used in actual processing. 354 Section D Internal Auditin g Integrated Test Facility An Integrated Test Facility (ITF) involves the use of test data and also creation of test entities that do not really exist, such as vendors, employees, products, or customers. The fictitious entities are actually included in the systems master files, and the test data are processed concurrently with real transactions. The transactions are processed against live master files that contain the real records as well as the fictitious records. The major difference between test data and an ITF is that the test data in an ITF are processed along with real data. No one knows that the data being processed includes these fictitious entries to fictitious records. In this way, the auditor can be sure that the programs being checked are the same programs as those that are being used to process the real data. The difficulty with using the ITF approach is that the fictitious transactions have to be excluded from the normal outputs of the system in some way. This may be done manually, or it may be done by designing or modifying the application programs. Either way, the fictitious transactions must be identified by means of special codes so they can be segregated from the real data. Careful planning is required to make sure that the ITF data do not become mixed in with the real data, corrupting the real data. If this careful planning is done, the costs of using ITF are minimal, because there is no special processing required and thus no interruption of normal computer activity. There are costs involved in developing an ITF, both while the application is being developed and as later modifications are made to it. However, once the initial costs are past, the ongoing operating costs are low. ITF is normally used to audit large computer systems that use real-time processing. Parallel Simulation Parallel simulation is an audit technique that uses real data rather than simulated data but processes it through test or audit programs. The output from the parallel simulation is compared with the output from the real processing. Parallel simulation is expensive and time-consuming and is usually limited to sections of an audit that are of major concern and are important enough that they require an audit of 100% of the transactions. Since parallel simulation is done using test programs, it can be done on a computer other than the one used for the real processing. Embedded Audit Routines Embedded audit routines involve modifying a regular production program by building special auditing routines into it so that transaction data can be analyzed. Embedded audit data collection is one type of embedded audit routine, and it uses specially programmed modules embedded as inline·code within the regular program code. The embedded routine selects and records data as it is processing the data for normal production purposes, for later analysis and evaluation by an auditor. Transactions are selected by the embedded audit routine according to auditor-determined parameters for limits and reasonableness. Transactions that violate those parameters are written to a file as exceptions. Alternatively, transactions might be selected randomly. If transactions are selected randomly, the objective is to create a statistical sample of transactions for auditing. The approach that selects transactions that violate established limits is called a system control audit review file (SCARF). The approach that selects random transactions is called a sample audit review file (SARF). It is easier to develop embedded audit routines when a program is initially developed than to add them later.
Posted on: Mon, 25 Nov 2013 10:18:57 +0000
Trending Topics
Recently Viewed Topics
© 2015